公开(公告)号：WO2016112219A1

公开(公告)日：2016-07-14

申请号：PCT/US2016/012533

申请日：2016-01-07

Applicant: COUNTERTACK, INC.

Inventor： SZEKELY, Amir

IPC: H04L29/06 ,  G06F9/445 ,  G06F21/55 ,  G06F9/45 ,  G06F9/30

CPC classification number: H04L63/1416 ,  G06F8/41 ,  G06F9/30189 ,  G06F9/45508 ,  G06F21/55 ,  G06F2221/2127 ,  H04L63/14 ,  H04L63/145 ,  H04L63/205

Abstract: A computer implemented method of monitoring a collector computer system includes receiving machine interpretable code that is configured for interpretation by the interpreter that includes: information identifying a first set of one or more monitoring targets within the collector computer system, a method for monitoring the first set of one or more monitoring targets, and predefined reporting criteria. The method also includes interpreting the machine interpretable code with an interpreter; monitoring at least a subset of the first set of one or more monitoring targets for candidate activity that satisfies the predefined reporting criteria by executing compiled instructions that correspond to the method for monitoring the first set of one or more monitoring targets; obtaining candidate event information that is associated with the candidate activity; and reporting the candidate event information to a computer system that is distinct from the collector computer system.

Abstract translation: 监测收集器计算机系统的计算机实现的方法包括接收机可解释代码，其被配置为由解释器进行解释，其包括：标识收集器计算机系统内的一个或多个监视目标的第一组的信息，用于监视第一组 一个或多个监控目标和预定义的报告标准。 该方法还包括用解释器解释机器可解释代码; 通过执行与用于监视第一组一个或多个监视目标的方法对应的编译指令来监视满足预定报告准则的候选活动的第一组一个或多个监视目标的至少一个子集; 获取与候选活动相关联的候选事件信息; 并将候选事件信息报告给与收集器计算机系统不同的计算机系统。