
Distributed digital security system

Patent number: US11616790B2
Publication date: 2023-03-28
Applicant: CrowdStrike, Inc. (US CA Irvine)
Inventors: David F. Diehl; Michael Edward Lusignan; Thomas Johann Essebier
IPC classification: H04L9/40; G06F16/2455; G06Q50/26
Technical field: event,data,security,engine,bounding,compute,rally,or,can,client
Region: CA CA Irvine

Abstract

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

Description

In some examples, one or more elements of the distributed security system 100 can store local copies or archives of ontological definitions 134 and/or interface fulfillment maps 140 previously received from the ontology service 110. However, if an element of the distributed security system 100 receives data in an unrecognized format, the element can obtain a corresponding ontological definition 134 or interface fulfillment map 140 from the ontology service 110 such that the element can understand and/or interpret the data. The ontology service 110 can also store archives of old ontological definitions 134 and/or interface fulfillment maps 140, such that elements of the distributed security system 100 can obtain copies of older ontological definitions 134 or interface fulfillment maps 140 if needed.

For instance, if for some reason a particular security agent 108 running on a client device 104 has not been updated in a year and is using an out-of-date configuration 132 based on old ontological definitions 134, that security agent 108 may be reporting event data 122 to the security network 106 based on an outdated context collection format 136 that more recently-updated cloud elements of the distributed security system 100 do not directly recognize. However, in this situation, cloud elements of the distributed security system 100 can retrieve old ontological definitions 134 from the ontology service 110 and thus be able to interpret event data 122 formatted according to an older context collection format 136.
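The fallback described in the two paragraphs above, as an added sketch that is not taken from the patent or from CrowdStrike code: a cloud element interprets event data from its local copies of definitions and asks the ontology service only when the format is unrecognized. The class names, the (format, version) lookup key, the `unresolved` list and the sample event are assumptions made for illustration.

```python
# Added illustration; class names, the (format, version) key and the
# "unresolved" list are assumptions, not terms from the patent.

class OntologyService:
    """Stand-in for ontology service 110: holds current and archived definitions."""
    def __init__(self):
        self._definitions = {}   # (format name, version) -> ordered field names
        self.lookups = 0         # counts remote fetches, for the demonstration

    def publish(self, name, version, fields):
        self._definitions[(name, version)] = tuple(fields)

    def get_definition(self, name, version):
        self.lookups += 1
        return self._definitions.get((name, version))


class CloudElement:
    """Stand-in for a cloud element that interprets event data 122."""
    def __init__(self, service, local_copies=None):
        self.service = service
        self.cache = dict(local_copies or {})  # definitions received earlier
        self.unresolved = []                   # events set aside, never guessed at

    def interpret(self, event):
        key = (event["format"], event["version"])
        fields = self.cache.get(key)
        if fields is None:                     # unrecognized format: ask the service
            fields = self.service.get_definition(*key)
            if fields is not None:
                self.cache[key] = fields       # keep a local copy for next time
        if fields is None or len(fields) != len(event["values"]):
            self.unresolved.append(event)
            return None
        return dict(zip(fields, event["values"]))


def build_demo():
    """Constructed sample: version 1 is the archived format, version 2 the current one."""
    service = OntologyService()
    service.publish("process_start", 1, ["pid", "image"])
    service.publish("process_start", 2, ["pid", "image", "parent_pid"])
    current = {("process_start", 2): ("pid", "image", "parent_pid")}
    return service, CloudElement(service, current)


if __name__ == "__main__":
    service, element = build_demo()
    stale = {"format": "process_start", "version": 1, "values": [4120, "cmd.exe"]}
    print(element.interpret(stale), "fetches:", service.lookups)
```

Events whose definition cannot be retrieved, or whose field count does not match the definition, are held in `unresolved` instead of being parsed against a newer layout, so telemetry from an outdated agent is neither misread nor silently dropped.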

Claims

1