Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: A system and method are provided for investigating a remote host computer by using an agentless investigation system that includes a computer system with a computer processor coupled to a system memory and programmed with computer readable instructions. The method includes establishing a connection with the host computer and sending at least one agentless investigative module to the host computer. The investigative module runs on the host computer to perform at least one investigative function on the host computer. The investigative function includes an investigation of the host computer to ascertain if there are any user accounts of the host computer that have data forms including at least one authentication token in the form of an SSH public key. The investigative module is configured to locate the SSH public key and collect investigation data corresponding to the SSH public key.

Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: An ester of a sugar and a brominated fatty acid is a useful FR additive for combustible polymers. The brominated FR additives unexpectedly are stable at the extrusion temperatures, and provide excellent flame retardancy to the combustible polymers.

Abstract: Extensible device data gathering is performed by a server in concert with at least one gatherer. The server accepts requests from clients and dispatches a gatherer to gather device data from devices on a network. When the data is returned, the server stores the data in a repository. The server also handles requests for repository data from clients. A gatherer presents an interface to the server which the server can use to dispatch the gatherer. The system is extensible because new gatherers may be created and may register with the server without any changes to the server. In one embodiment, this extensibility is achieved using the COM (Component Object Model) technology.

Abstract: A globally unique device identification is created. Initially, for a device, polling is performed for information regarding certain hardware components, such as hard disks, network cards, sound cards, video cards, etc. A device identifier is assigned to the device, which in one embodiment, is based on the hardware component information. The device identifier and the current information regarding the hardware components of the system are stored in a repository. Periodically, a new poll is performed of the hardware components of the system, and the current hardware component information in the repository is updated. A device is identified by the identity or similarity of the hardware component information read from the device with the stored current hardware component information.

Abstract: According to one embodiment of the invention, a computerized method for reducing the false alarm rate of network intrusion detection systems includes receiving, from a network intrusion detection sensor, one or more data packets associated with an alarm indicative of a potential attack on a target host and identifying characteristics of the alarm from the data packets. The characteristics include at least an attack type and an operating system fingerprint of the target host. The method further includes identifying the operating system type from the operating system fingerprint, comparing the attack type to the operating system type, and indicating whether the target host is vulnerable to the attack based on the comparison.

Abstract: Extensible device data gathering is performed by a server in concert with at least one gatherer. The server accepts requests from clients and dispatches a gatherer to gather device data from devices on a network. When the data is returned, the server stores the data in a repository. The server also handles requests for repository data from clients. A gatherer presents an interface to the server which the server can use to dispatch the gatherer. The system is extensible because new gatherers may be created and may register with the server without any changes to the server. In one embodiment, this extensibility is achieved using the COM (Component Object Model) technology.

Abstract: A globally unique device identification is created. Initially, for a device, polling is performed for information regarding certain hardware components, such as hard disks, network cards, sound cards, video cards, etc. A device identifier is assigned to the device, which in one embodiment, is based on the hardware component information. The device identifier and the current information regarding the hardware components of the system are stored in a repository. Periodically, a new poll is performed of the hardware components of the system, and the current hardware component information in the repository is updated. A device is identified by the identity or similarity of the hardware component information read from the device with the stored current hardware component information.