CPC H04L 63/1425 (2013.01) [H04L 41/16 (2013.01); H04L 63/0236 (2013.01); H04L 63/10 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] | 20 Claims
1. A policy management computer system, comprising:
one or more hardware processors; and
memory storing computer-executable instructions that, when executed by the one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
identifying, from among a plurality of machines connected to a network, an originating machine associated with a suspect network activity;
selecting, from among a plurality of pre-existing deployable forensics software agents associated with different types of suspect network activities, a particular forensics software agent configured to collect computer forensics data associated with a type of the suspect network activity, wherein the plurality of pre-existing deployable forensics software agents is stored at the policy management computer system;
deploying, by transmitting deployment data to the originating machine via the network, the selected particular forensics software agent to collect the computer forensics data on the originating machine;
receiving the computer forensics data from the particular deployed forensics software agent; and
determining a response action based on the received computer forensics data.