US 11,941,113 B2
Known-deployed file metadata repository and analysis engine
Dan E. Summers, Buckley (GB); Jeffrey Texada, Carrollton, TX (US); Matthew E. Kelly, Chicago, IL (US); and Steven Dimaria, Charlotte, NC (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on May 13, 2021, as Appl. No. 17/319,299.
Prior Publication US 2022/0366038 A1, Nov. 17, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/55 (2013.01)
CPC G06F 21/552 (2013.01)
20 Claims
1. A method comprising:
enumerating, by a known deployed file metadata analysis engine, available files stored on a software distribution point (SDP) computing system;
comparing, by the known deployed file metadata analysis engine, enumerated files to logical paths associated with the SDP computing system to identify one or more new files;
retrieving, by the known deployed file metadata analysis engine from the SDP computing system via a network, the one or more new files;
extracting, by the known deployed file metadata analysis engine, metadata from each of the one or more new files;
recursively extracting, based on an indication that a file of the one or more new files is a container file and by the known deployed file metadata analysis engine, metadata from each file stored in the container file of the one or more new files;
identifying, by the known deployed file metadata analysis engine, a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files and that comprises an indication of one or more of an associated internal development group and a trusted vendor providing “safe” applications;
enriching, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is “known-deployed” to positively confirm that events associated with the one or more new files are related to deployment activity, wherein the indication comprises artifact metadata only available during dynamic execution of a particular entry of an artifact by the known deployed file metadata analysis engine, and wherein the artifact metadata comprises an indication of the SDP and an indication that the file was introduced to a host through methods associated with approved software distribution practices and wherein artifact file metadata is enriched with labels to identify a functionality associated with the artifact; and
triggering, by the known deployed file metadata analysis engine and based on enrichment of the matched metadata, deployment of one or more files by the SDP, wherein the one or more files are associated with metadata indicating the file is “known-deployed”.
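The static steps of claim 1 (enumerate, diff against known paths, recursively unpack containers, match against a "known-good" store, enrich with a "known-deployed" label) can be sketched as follows; this is an added illustration, not code from the patent or its assignee. It assumes ZIP as the only container type and SHA-256 as the matching key, and all names, paths, limits and sample data are constructed; the dynamic-execution metadata and the deployment trigger are not modelled.

```python
import hashlib, io, zipfile

MAX_DEPTH = 5                    # assumed nesting limit for containers
MAX_MEMBER_BYTES = 50 * 2**20    # assumed per-member cap against decompression bombs

def extract(name, data, depth=0):
    """Metadata for one file plus, recursively, every file inside a ZIP container."""
    records = [{"name": name, "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest()}]
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                records += extract(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return records

def analyze(sdp_files, known_paths, known_good, sdp_id):
    """Diff the SDP listing against known paths, then match and enrich new files."""
    results = []
    for path in sorted(set(sdp_files) - set(known_paths)):
        for rec in extract(path, sdp_files[path]):
            origin = known_good.get(rec["sha256"])
            if origin:  # match: record which SDP and which trusted source it came from
                rec.update(label="known-deployed", sdp=sdp_id, origin=origin)
            else:       # no match: leave for normal triage
                rec["label"] = "unmatched"
            results.append(rec)
    return results

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, member_data in members.items():
            zf.writestr(member_name, member_data)
    return buf.getvalue()

def build_sample():
    """Constructed data: a package holding a nested archive, plus an unknown file."""
    agent = b"constructed agent binary"
    package = make_zip({"inner.zip": make_zip({"bin/agent.bin": agent}),
                        "readme.txt": b"constructed readme"})
    sdp_files = {"/pkgs/old.msi": b"already catalogued",
                 "/pkgs/agent-2.0.zip": package,
                 "/pkgs/stray.bin": b"not in the data store"}
    known_good = {hashlib.sha256(agent).hexdigest(): "internal-dev-group-A"}
    return sdp_files, {"/pkgs/old.msi"}, known_good

if __name__ == "__main__":
    for rec in analyze(*build_sample(), sdp_id="sdp-01.example"):
        print(rec["label"], rec["name"])
```

Only the binary nested two archives deep receives the "known-deployed" label; the wrapping archives and the stray file remain unmatched, which is why the recursive step matters for suppressing deployment noise without whitelisting whole packages.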