Secure management of process properties
US-2019080078-A1 · Mar 14, 2019 · US
US11238152B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11238152-B2 |
| Application number | US-201916527405-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2019 |
| Priority date | Jul 31, 2019 |
| Publication date | Feb 1, 2022 |
| Grant date | Feb 1, 2022 |
Official abstract text for this publication.
Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.
Opening claim text (preview).
The invention claimed is:
1. A data management system, comprising: at least one storage device storing a base file and one or more forward incremental files; a mini-filter including one or more processors in communication with the at least one storage device, the one or more processors configured to perform operations including: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; identifying a pair value including a user ID and remote IP address at the create event; associating the pair value with a file object id for the base file or the one or more forward incremental files; storing the associated file object id and pair value in a map in a file object cache in the at least one storage device; and retrieving the file object id from the file object cache at the subsequent event.
2. The data management system of claim 1, wherein the file object id is used as an authorization or verification key for the subsequent event.
3. The data management system of claim 1, wherein the one or more processors is further configured to remove the file object id from the map in the file object cache at a cleanup event included in the subsequent event.
4. The data management system of claim 3, wherein the cleanup event includes a closing or deletion of a file object associated with the file object id.
5. The data management system of claim 4, wherein the one or more processors is further configured to apply a time stamp to the file object.
6. The data management system of claim 5, wherein the one or more processors is further configured to remove the file object id and pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value.
7. A computer-implemented method at a data management system, the method comprising: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; identifying a pair value including a user ID and remote IP address at the create event; associating the pair value with a file object id for the base file or the one or more forward incremental files; storing the associated file object id and pair value in a map in a file object cache in the at least one storage device; and retrieving the file object id from the file object cache at the subsequent event.
8. The method of claim 7, wherein the file object id is used as an authorization or verification key for the subsequent event.
9. The method of claim 7, wherein the one or more processors is further configured to remove the file object id from the map in the file object cache at a cleanup event included in the subsequent event.
10. The method of claim 9, wherein the cleanup event includes a closing or deletion of a file object associated with the file object id.
11. The method of claim 10, wherein the one or more processors is further configured to apply a time stamp to the file object.
12. The method of claim 11, wherein the one or more processors is further configured to remove the file object id and pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value.
13. A non-transitory, machine-readable medium storing instructions which, when read by a machine, cause the machine to perform operations comprising, at least: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; identifying a pair value including a user ID and remote IP address at the create event; associating the pair value with a file object id for the base file or the one or more forward incremental files; storing the associated file object id and pair value in a map in a file object cache in the at least one storage device; and retrieving the file object id from the file object cache at the subsequent event.
14. The medium of claim 13, wherein the file object id is used as an authorization or verification key for the subsequent event.
15. The medium of claim 13, wherein the one or more processors is further configured to remove the file object id from the map in the file object cache at a cleanup event included in the subsequent event.
16. The medium of claim 15, wherein the cleanup event includes a closing or deletion of a file object associated with the file object id.
17. The medium of claim 16, wherein the one or more processors is further configured to apply a time stamp to the file object.
18. The medium of claim 17, wherein the one or more processors is further configured to remove the file object id and pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value.
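A user-space model of the cache lifecycle recited in claims 1 to 6, added here as an illustration; it is not code from the patent or its assignee. The class name, event field names, and the reading of the claim 6 threshold as a maximum entry age in seconds are assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class Entry:
    user_id: str
    remote_ip: str
    stamped_at: float  # time stamp applied at create (claim 5)

class FileObjectCache:
    """Hypothetical model: map of file object id -> (user ID, remote IP)."""
    def __init__(self, max_age_s=300.0, clock=time.monotonic):
        self.max_age_s = max_age_s  # assumed threshold value (claim 6)
        self.clock = clock
        self._map = {}

    def handle(self, event):
        """Return the event enriched with the cached pair, or None if unattributed."""
        op, fid = event["op"], event["file_object_id"]
        self._evict_stale()
        if op == "create":  # pair identified at create, stored under the id
            entry = self._map[fid] = Entry(event["user_id"], event["remote_ip"], self.clock())
        elif op in ("read", "write"):
            entry = self._map.get(fid)        # subsequent event: lookup by id
        elif op == "cleanup":
            entry = self._map.pop(fid, None)  # close/delete: drop the mapping
        else:
            raise ValueError(f"unknown op {op!r}")
        if entry is None:
            return None
        return {**event, "user_id": entry.user_id, "remote_ip": entry.remote_ip}

    def _evict_stale(self):
        now = self.clock()
        for fid in [f for f, e in self._map.items() if now - e.stamped_at >= self.max_age_s]:
            del self._map[fid]

def demo():
    t = [0.0]  # fake clock so expiry is deterministic
    cache = FileObjectCache(max_age_s=60.0, clock=lambda: t[0])
    create = {"op": "create", "user_id": "alice", "remote_ip": "192.0.2.10"}  # constructed sample
    cache.handle({**create, "file_object_id": 1})
    write = cache.handle({"op": "write", "file_object_id": 1})
    cache.handle({"op": "cleanup", "file_object_id": 1})
    after_cleanup = cache.handle({"op": "read", "file_object_id": 1})
    cache.handle({**create, "file_object_id": 2})  # handle that is never cleaned up
    t[0] = 61.0
    after_expiry = cache.handle({"op": "read", "file_object_id": 2})
    return write, after_cleanup, after_expiry
```

An event that returns `None` has no cached identity, which is the case a detection pipeline should surface for review instead of silently dropping.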
by selection of backup contents · CPC title
Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs · CPC title
Auditing as a secondary aspect · CPC title
Virtual · CPC title
Caching, prefetching or hoarding of files · CPC title