Method and apparatus for providing forensic visibility into systems and networks

Assignee

• WEBROOT INC. · US

Inventors

• Joseph A. Jaroch · Elk Grove Village, US
• Jacques Etienne Erasmus · Belper, GB
• Paul Barnes · Chepstow, GB
• Johannes Mayr · Linz, AT
• Michael Leidesdorff · Niwot, US
• Marco Giuliani · Cassinetta, IT
• Christopher Jon Williams · Matlock, GB
• Chad Edward Bacher · Arvada, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1425
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and systems for providing forensic visibility into systems and networks are provided. More particularly, a sensor agent may receive events defining an action of a first object acting on a target. The object, the event, and the target are then correlated to at least one originating object such that an audit trail for each individual event is created. A global perspective indicating an age, popularity, a determination as to whether the object may be malware, and IP/URL information associated with the event may then be applied to at least one of the object, the event, the target, and the originating object. A priority may then be determined and assigned to the event based on at least the global perspective. An event line containing event information is then transmitted to an end recipient where the information may be heuristically displayed.