US 11,836,248 B2
System and method for operating an endpoint agent at an endpoint device
Peidong Chen, San Jose, CA (US); Manikandan Thiagarajan, Cupertino, CA (US); Michael Miller, Boulder Creek, CA (US); and Xin Hu, Pleasanton, CA (US)
Assigned to Forcepoint LLC, Austin, TX (US)
Filed by Forcepoint, LLC, Austin, TX (US)
Filed on Nov. 30, 2018, as Appl. No. 16/206,194.
Application 16/206,194 is a continuation of application No. 16/189,472, filed on Nov. 13, 2018, granted, now 10,885,186.
Prior Publication US 2020/0151328 A1, May 14, 2020
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 7/04 (2006.01); G06F 21/55 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/554 (2013.01) [G06F 21/552 (2013.01); H04L 63/20 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method for operating an endpoint agent at an endpoint device, comprising:
providing the endpoint device with an endpoint agent, the endpoint device and the endpoint agent providing a protected endpoint, the endpoint agent comprising an endpoint core and one or more collectors, each collector comprising a configuration engine, a business logic analytics module communicating with the configuration engine, an ingress filter communicating with the business logic analytics module and an egress filter communicating with the business logic analytics module;
operating the endpoint agent to selectively subscribe, using the business logic analytics module and the ingress filter of the endpoint agent, to events corresponding to activities occurring at an endpoint platform, the ingress filter being configured by the configuration engine to pass through subscribed events for selective processing by the endpoint agent;
processing events received from a message bus by the endpoint agent using the business logic analytics module, wherein
the events processed by the endpoint agent are events to which the endpoint agent has subscribed, and
the business logic analytics module is configured to execute analytics operations on the events based on a set of policy rules for provision to a service corresponding only to the endpoint agent; and
communicating, by the business logic analytics module, to the service corresponding to the endpoint agent, information corresponding to the events processed by the endpoint agent, wherein
said communicating is performed using a service connector of the endpoint agent that provides a communication path to the service;
the endpoint core, endpoint agent, and one or more endpoint collectors cooperate with one another as resources of a unified endpoint system; and
the endpoint core dynamically reconfigures at least one of the endpoint collectors and the endpoint agent during operation of the endpoint device to prevent at least one of overutilization and underutilization of the resources of the unified endpoint system.