US2022318379A1PendingUtilityA1

Audit log enhancement

Assignee: VARONIS SYSTEMS INCPriority: Jun 2, 2016Filed: Jun 17, 2022Published: Oct 6, 2022
Est. expiryJun 2, 2036(~9.9 yrs left)· nominal 20-yr term from priority
Inventors:Yakov Faitelson
G06F 2221/2101H04L 67/535H04L 51/52G06F 11/3438H04L 61/5007H04L 2463/121G06F 21/552H04L 63/1408G06F 2221/2151G06F 16/951H04L 67/60
73
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system for monitoring actual access to data elements in an enterprise computer network and providing associated data, the system including an at least near real time data element audit subsystem providing audit output data including at least one of a time stamp, identification of an accessor, user depository stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access and access outcome data, in at least near real time, relating to actual access to data elements in the enterprise computer network, and an additional data providing subsystem receiving in at least near real time at least a part of the audit output data and utilizing the at least part of the audit output data for providing additional data which is not part of the audit output data.

Claims

exact text as granted — not AI-modified
1 . A system for monitoring actual access to data elements in an enterprise computer network and providing associated data, the system comprising:
 an at least near real time data element audit subsystem providing at least data relating to an IP address of a computer used in at least one actual access to at least one data element, performed by an individual;   an additional data providing subsystem for providing data indicating a malicious reputation of at least one IP address; and   an analysis engine receiving outputs from said at least near real time data element audit subsystem and from said additional data providing subsystem and providing data indicating that said IP address used in said at least one actual access performed by said individual has a malicious reputation.   
     
     
         2 . A system according to  claim 1  and wherein said additional data providing subsystem provides said data indicating a malicious reputation of at least one IP address, in at least near real time. 
     
     
         3 . A system according to  claim 1  and wherein said additional data providing subsystem provides data indicating a malicious reputation of at least one IP address, from at least one data source outside of said enterprise computer network. 
     
     
         4 . A system according to  claim 1  and wherein said analysis engine provides said data indicating that said IP address used in said at least one actual access performed by said individual has a malicious reputation in at least near real time. 
     
     
         5 . A system according to  claim 1  and wherein operation of said additional data providing subsystem is triggered by at least one existing actual access to at least one data element in said enterprise computer network. 
     
     
         6 . A system according to  claim 1  and wherein operation of said additional data providing subsystem is triggered on a scheduled basis to analyze actual accesses to at least one data element in said enterprise computer network. 
     
     
         7 . A system according to  claim 1  and wherein operation of said additional data providing subsystem is triggered by at least one user defined rule, which is based at least on time and on said existence of said actual access. 
     
     
         8 . A system according to  claim 1  and wherein a notification from an external source triggers operation of said analysis engine to provide a retroactive analysis of past actual accesses to at least one data element in said enterprise computer network. 
     
     
         9 . A system according to  claim 8  and wherein said notification triggers scrutiny of future actual accesses to at least one data element in said enterprise computer network. 
     
     
         10 . A method for monitoring actual access to data elements in an enterprise computer network and providing associated data, the method comprising:
 providing in at least near real time at least data relating to an IP address of a computer used in at least one actual access performed by an individual;   providing in at least near real time data indicating a malicious reputation of at least one IP address; and   providing in at least near real time data indicating that said IP address used in said at least one actual access performed by said individual has a malicious reputation.   
     
     
         11 . A method according to  claim 10  and wherein said data indicating a malicious reputation of at least one IP address used in said at least one actual access performed by said individual is provided from at least one data source outside of said enterprise computer network. 
     
     
         12 . A method according to  claim 10  and wherein at least one existing actual access to a data element in said enterprise computer network triggers said providing of said data relating to an IP address of a computer used in at least one actual access. 
     
     
         13 . A method according to  claim 10  and wherein said data is provided on a scheduled basis to analyze actual accesses to at least one data element in said enterprise computer network. 
     
     
         14 . A method according to  claim 10  and wherein said data is provided in accordance with at least one of user defined rule, which is based at least on time and on existence of said actual access. 
     
     
         15 . A method according to  claim 10  and wherein a notification from an external source triggers providing a retroactive analysis of past actual accesses to at least one data element in said enterprise computer network. 
     
     
         16 . A method according to  claim 15  and wherein said notification triggers scrutiny of future actual accesses to at least one data element in said enterprise computer network.

Join the waitlist — get patent alerts

Track US2022318379A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.