CPC G06F 21/554 (2013.01) [G06F 21/552 (2013.01); H04L 63/20 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
1. A computer-implemented method for operating an endpoint agent at an endpoint device, comprising:
providing the endpoint device with an endpoint agent, the endpoint device and the endpoint agent providing a protected endpoint, the endpoint agent comprising an endpoint core and one or more collectors, each collector comprising a configuration engine, a business logic analytics module communicating with the configuration engine, an ingress filter communicating with the business logic analytics module and an egress filter communicating with the business logic analytics module;
operating the endpoint agent to selectively subscribe, using the business logic analytics module and the ingress filter of the endpoint agent, to events corresponding to activities occurring at an endpoint platform, the ingress filter being configured by the configuration engine to pass through subscribed events for selective processing by the endpoint agent;
processing events received from a message bus by the endpoint agent using the business logic analytics module, wherein
the events processed by the endpoint agent are events to which the endpoint agent has subscribed, and
the business logic analytics module is configured to execute analytics operations on the events based on a set of policy rules for provision to a service corresponding only to the endpoint agent; and
communicating, by the business logic analytics module, to the service corresponding to the endpoint agent, information corresponding to the events processed by the endpoint agent, wherein
said communicating is performed using a service connector of the endpoint agent that provides a communication path to the service;
the endpoint core, endpoint agent, and one or more endpoint collectors cooperate with one another as resources of a unified endpoint system; and
the endpoint core dynamically reconfigures at least one of the endpoint collectors and the endpoint agent during operation of the endpoint device to prevent at least one of overutilization and underutilization of the resources of the unified endpoint system.
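
The data flow recited in claim 1, as a sketch added here for illustration; it is not code from the patent or from any product. Every class, method and event name is an assumption, and the backlog threshold stands in for whatever utilization measure an implementation would use.

```python
from collections import deque

class Collector:
    """Hypothetical collector: ingress filter -> analytics -> egress filter."""
    def __init__(self, name, subscriptions, rules, max_backlog):
        self.name, self.rules, self.max_backlog = name, rules, max_backlog
        self.subscriptions = set(subscriptions)  # maintained by the configuration engine
        self.backlog, self.suspended = deque(), []

    def ingress(self, event):
        """Ingress filter: queue only events of a subscribed type."""
        if event["type"] not in self.subscriptions:
            return False
        self.backlog.append(event)
        return True

    def process(self, service):
        """Apply policy rules; the egress step forwards only matching events."""
        sent = 0
        while self.backlog:
            event = self.backlog.popleft()
            rule = self.rules.get(event["type"])
            if rule is not None and rule(event):
                service.append({"collector": self.name, **event})
                sent += 1
        return sent

class EndpointCore:
    """Hypothetical core: fans out bus events and reconfigures collectors at run time."""
    def __init__(self, collectors, sheddable):
        self.collectors, self.sheddable = collectors, sheddable  # sheddable: lowest priority first

    def publish(self, event):
        return [c.name for c in self.collectors if c.ingress(event)]

    def rebalance(self):
        for c in self.collectors:
            shed = next((t for t in self.sheddable if t in c.subscriptions), None)
            if len(c.backlog) > c.max_backlog and shed:      # over-utilized: shed load
                c.subscriptions.discard(shed)
                c.suspended.append(shed)
                c.backlog = deque(e for e in c.backlog if e["type"] != shed)
            elif not c.backlog and c.suspended:              # under-utilized: restore
                c.subscriptions.add(c.suspended.pop())

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [{"type": "file_read", "path": f"/tmp/f{i}"} for i in range(4)] + [
    {"type": "process_start", "image": "/usr/bin/curl"},
    {"type": "dns_query", "name": "example.test"}]
```

Shedding a subscription narrows what the agent can see, so a deployment built along these lines would want each shed and restore recorded as a telemetry gap for the detection side.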