Data correlation using file object cache
US-11238152-B2 · Feb 1, 2022 · US
Data correlation using file object cache
US11487569B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11487569-B2 |
| Application number | US-201916527396-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2019 |
| Priority date | Jul 31, 2019 |
| Publication date | Nov 1, 2022 |
| Grant date | Nov 1, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.
First claim
Opening claim text (preview).
The invention claimed is: 1. A data management system, comprising: a first storage device configured to store a base file associated with a first version of a virtual machine; a second storage device configured to store one or more forward incremental files associated with one or more versions of the virtual machine; and a mini-filter including one or more processors in communication with the first storage device and the second storage device, the one or more processors of the mini-filter configured to perform operations including: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; resolving a pair value including a user identifier (ID) and remote internet protocol (IP) address at the create event; associating the pair value with a file object ID for the base file or the one or more forward incremental files; and storing the associated file object ID and pair value in a map in a file object cache. 2. The data management system of claim 1 , wherein the one or more processors is further configured to: retrieve the file object ID from the file object cache at e subsequent event. 3. The data management system of claim 1 , wherein the file object ID is used as an authorization or verification key for the subsequent event. 4. The data management system of claim 1 , wherein the one or more processors is further configured to remove the file object ID from the map in the file object cache at the cleanup event included in the subsequent event. 5. The data management system of claim 4 , wherein the cleanup event includes a closing or deletion of a file object associated with the file object ID. 6. The data management system of claim 5 , wherein the one or more processors is further configured to apply a timestamp to the file object and remove the file object ID and pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value. 7. A computer-implemented method at a data management system, the method comprising: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; resolving a pair value including a user identifier (ID) and remote internet protocol (IP) address at the create event; associating the pair value with a file object ID for a base file associated with a first version of a virtual machine or one or more forward incremental files associated with one or more versions of the virtual machine; and storing the associated file object ID and pair value in a map in a file object cache. 8. The method of claim 7 , further comprising: retrieving the file object ID from the file object cache at the subsequent event. 9. The method of claim 7 , wherein the file object ID is used as an authorization or verification key for the subsequent event. 10. The method of claim 7 , further comprising: removing the file object ID from the map in the file object cache at the cleanup event included in the subsequent event. 11. The method of claim 10 , wherein the cleanup event includes a closing or deletion of a file object associated with the file object ID. 12. The method of claim 11 , further comprising: applying a timestamp to the file object and remove the file object ID and pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value. 13. A non-transitory, machine-readable medium storing instructions which, when read by a machine, cause the machine to perform operations comprising, at least: identifying audit events associated with user file accesses in a monitored computer system, the audit events including a create event and a subsequent event, the subsequent event including a read, write, or cleanup event; resolving a pair value including a user identifier (ID) and remote internet protocol (IP) address at the create event; associating the pair value with a file object ID for a base file associated with a first version of a virtual machine or one or more forward incremental files associated with one or more versions of the virtual machine; and storing the associated file object ID and pair value in a map in a file object cache. 14. The medium of claim 13 , wherein the instructions further cause the machine to: retrieve the file object ID from the file object cache at the subsequent event. 15. The medium of claim 13 , wherein the file object ID is used as an authorization or verification key for the subsequent event. 16. The medium of claim 13 , wherein the instructions further cause the machine to: remove the file object ID from the map in the file object cache at the cleanup event included in the subsequent event. 17. The medium of claim 16 , wherein the cleanup event includes a closing or deletion of a file object associated with the file object ID. 18. The medium of claim 17 , wherein the instructions further cause the machine to: apply a timestamp to the file object and remove the file object ID and the pair value from the map in the file object cache based on the timestamp meeting or exceeding a threshold value.
Assignees
Inventors
Classifications
by selection of backup contents · CPC title
- G06F9/45558Primary
Hypervisor-specific management and integration aspects · CPC title
involving long-term monitoring or reporting · CPC title
Starting, stopping, suspending or resuming virtual machine instances · CPC title
Versioning file systems, temporal file systems, e.g. file system supporting different historic versions of files · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11487569B2 cover?
- Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.
- Who is the assignee on this patent?
- Rubrik Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 01 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).