CPC H04L 63/1433 (2013.01) [G06F 8/65 (2013.01); H04L 41/0853 (2013.01); H04L 41/0866 (2013.01); H04L 41/12 (2013.01); H04L 63/0876 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]
17 Claims
1. A method for using inventory rules to efficiently identify devices of a computer network, the method comprising:
intercepting data traffic across one or more communication links of the computer network;
analyzing the intercepted data traffic to determine whether one or more of a plurality of inventory rules is satisfied by the intercepted data traffic, wherein each of the plurality of inventory rules comprises one or more conditions indicating the presence of a particular computer network device having a set of parameters, wherein each one of the plurality of inventory rules has a weighting factor value indicative of a priority of the application of a corresponding rule and wherein the weighting factor value depends on previously identified devices;
identifying one or more devices of the computer network using the weighting factor value of the one or more satisfied inventory rules; and
wherein the plurality of inventory rules includes at least two of: i) a vendor rule listing one or more network addresses associated with each of the plurality of devices; ii) an asset rule configured to search for digital signatures identifying one or more devices and one or more parameters associated therewith; iii) a protocol rule configured to search for digital signatures to identify one or more network protocols being used by the intercepted data traffic; and iv) a fingerprint rule configured to determine one or more device parameters using digital fingerprints.
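The following sketch of the claimed flow is an added example, not code from the patent. It shows a vendor rule and an asset rule applied to already-parsed traffic records in descending weight order. The weight-update policy (each identification raises the rule's weight by 1) is an assumption, since the claim only states that the weight depends on previously identified devices; all rule names, MAC prefixes, signatures and packets are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Rule:
    name: str
    kind: str                                  # "vendor", "asset", "protocol", "fingerprint"
    match: Callable[[dict], Optional[dict]]    # device parameters, or None if not satisfied
    weight: float = 1.0                        # priority of applying this rule

def vendor_rule(prefix: str, vendor: str):
    # Vendor rule: network (MAC) address prefix associated with a vendor's devices.
    return lambda pkt: {"vendor": vendor} if pkt["src_mac"].lower().startswith(prefix) else None

def signature_rule(signature: bytes, params: dict):
    # Asset rule: byte signature in the payload identifying a device and its parameters.
    return lambda pkt: dict(params) if signature in pkt["payload"] else None

class Inventory:
    def __init__(self, rules):
        self.rules = list(rules)
        self.devices = {}       # src_mac -> identified parameters
        self.evaluations = 0    # rule checks performed so far

    def observe(self, pkt):
        # Try rules in descending weight order; stop at the first satisfied rule.
        for rule in sorted(self.rules, key=lambda r: -r.weight):
            self.evaluations += 1
            params = rule.match(pkt)
            if params is not None:
                self.devices.setdefault(pkt["src_mac"], {}).update(params)
                rule.weight += 1.0   # assumed policy: each identification raises priority
                return rule.name
        return None

def demo():
    # Constructed rules and traffic records (locally administered MACs, made-up signature).
    inv = Inventory([
        Rule("vendor-A", "vendor", vendor_rule("02:aa:01", "VendorA")),
        Rule("vendor-B", "vendor", vendor_rule("02:bb:02", "VendorB")),
        Rule("plc-asset", "asset", signature_rule(b"PLC-MODEL-X", {"type": "plc", "model": "X"})),
    ])
    packets = [
        {"src_mac": "02:bb:02:00:00:01", "payload": b"hello"},
        {"src_mac": "02:BB:02:00:00:02", "payload": b""},
        {"src_mac": "02:cc:03:00:00:09", "payload": b"..PLC-MODEL-X.."},
        {"src_mac": "02:cc:03:00:00:0a", "payload": b"PLC-MODEL-X"},
        {"src_mac": "02:dd:04:00:00:01", "payload": b"unknown"},
    ]
    return inv, [inv.observe(p) for p in packets]

if __name__ == "__main__":
    inv, hits = demo()
    print(hits, inv.devices, inv.evaluations)
```

On this constructed traffic the reweighted order needs 11 rule checks, where the fixed initial order would need 13, because rules that already identified devices are tried first.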