公开(公告)号：US09785773B2

公开(公告)日：2017-10-10

申请号：US14668833

申请日：2015-03-25

Applicant: Palantir Technologies Inc.

Inventor： Matthew Falk ,  Timothy Yousaf ,  Joseph Staehle ,  Lucas Lemanowicz ,  Sebastien Noury ,  Robin Lim ,  Michael Glazer

IPC: G06F21/56 ,  H04L29/06 ,  G06F21/62

CPC classification number: G06F21/56 ,  G06F21/6209 ,  G06F21/6218 ,  G06F2221/034 ,  H04L63/105

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis of may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst such that the analyst may quickly and efficiently evaluate the suspected malware file(s). For example, the analyst may quickly determine one or more characteristics of the suspected malware file(s), whether or not the file(s) is malware, and/or a threat level of the file(s).

公开(公告)号：US20170187739A1

公开(公告)日：2017-06-29

申请号：US15459872

申请日：2017-03-15

Applicant: Palantir Technologies Inc.

Inventor： Ezra Spiro ,  Joseph Staehle ,  Andrew Levine ,  Juan Ricafort ,  Alvaro Morales

IPC: H04L29/06 ,  G06F3/0482 ,  G06F17/30

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F16/24578 ,  G06F16/951 ,  G06F21/552 ,  H04L51/12 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/1483

Abstract: A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyze those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

公开(公告)号：US20160004864A1

公开(公告)日：2016-01-07

申请号：US14668833

申请日：2015-03-25

Applicant: Palantir Technologies Inc.

Inventor： Matthew Falk ,  Timothy Yousaf ,  Joseph Staehle ,  Lucas Lemanowicz ,  Sebastien Noury ,  Robin Lim ,  Michael Glazer

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/6209 ,  G06F21/6218 ,  G06F2221/034 ,  H04L63/105

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis of may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst such that the analyst may quickly and efficiently evaluate the suspected malware file(s). For example, the analyst may quickly determine one or more characteristics of the suspected malware file(s), whether or not the file(s) is malware, and/or a threat level of the file(s).

Abstract translation: 本公开的实施例涉及可以自动分析可疑的恶意软件文件或文件组的数据分析系统。 可疑恶意软件文件的自动分析可能包括一个或多个自动分析技术。 自动分析可能包括生成和收集与疑似恶意软件文件相关的各种信息项，包括例如计算散列，文件属性，学术分析信息，文件执行信息，第三方分析信息和/或 类似。 分析信息可以自动地与可疑的恶意软件文件相关联，并且可以生成用户界面，其中将各种分析信息项目呈现给人类分析人员，使得分析者可以快速有效地评估可疑的恶意软件文件（ s）。 例如，分析人员可能会快速确定可疑恶意软件文件的一个或多个特征，无论文件是恶意软件，还是文件的威胁级别。

公开(公告)号：US20200084233A1

公开(公告)日：2020-03-12

申请号：US16597711

申请日：2019-10-09

Applicant: Palantir Technologies Inc.

Inventor： Ezra Spiro ,  Joseph Staehle ,  Andrew Levine ,  Juan Ricafort ,  Alvaro Morales

IPC: H04L29/06 ,  G06F3/0482 ,  G06F16/2457 ,  G06F16/951 ,  G06F21/55 ,  H04L12/58

Abstract: A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyze those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

公开(公告)号：US10129282B2

公开(公告)日：2018-11-13

申请号：US15395483

申请日：2016-12-30

Applicant: PALANTIR TECHNOLOGIES INC.

Inventor： Samuel Jones ,  Timothy Yousaf ,  Drew Dennison ,  Vivek Lakshmanan ,  Joseph Staehle ,  Samuel Kremin ,  Maxim Kesin ,  Taylor Heroux

IPC: H04L29/06 ,  G06F21/00 ,  H04L29/08

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

公开(公告)号：US10044745B1

公开(公告)日：2018-08-07

申请号：US15207343

申请日：2016-07-11

Applicant: PALANTIR TECHNOLOGIES INC.

Inventor： Samuel Jones ,  Joseph Staehle ,  Lucy Cheng

IPC: G06F21/55 ,  H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/55 ,  G06F21/577 ,  H04L63/102 ,  H04L63/107 ,  H04L63/14 ,  H04L63/1425

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for computer network security risk assessment. One of the methods includes obtaining compromise likelihoods for user accounts. Information describing a network topology of a network is obtained, with the network topology being nodes each connected by an edge to other nodes, each node being associated with a compromise likelihood, and one or more nodes are high value nodes associated with a compromise value. Unique paths to each of the high value nodes are determined for a particular user account. An expected value for each path is determined based on the compromise likelihood of the particular user account, the compromise likelihood of each node included in the path, the communication weight of each edge included in the path, and the compromise value associated with the high value node. User interface data is generated describing at least one path.

公开(公告)号：US20170111381A1

公开(公告)日：2017-04-20

申请号：US15395483

申请日：2016-12-30

Applicant: PALANTIR TECHNOLOGIES INC.

Inventor： Samuel Jones ,  Timothy Yousaf ,  Drew Dennison ,  Vivek Lakshmanan ,  Joseph Staehle ,  Samuel Kremin ,  Maxim Kesin ,  Taylor Heroux

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/554 ,  H04L63/1433 ,  H04L67/306

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

公开(公告)号：US09537880B1

公开(公告)日：2017-01-03

申请号：US14982699

申请日：2015-12-29

Applicant: PALANTIR TECHNOLOGIES INC.

Inventor： Samuel Jones ,  Timothy Yousaf ,  Drew Dennison ,  Vivek Lakshmanan ,  Joseph Staehle ,  Samuel Kremin ,  Maxim Kesin ,  Taylor Heroux

IPC: G06F11/00 ,  G06F21/00 ,  H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/554 ,  H04L63/1433 ,  H04L67/306

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract translation: 方法，系统和装置，包括在计算机存储介质上编码的计算机程序，用于网络监视，用户帐户折衷确定和用户行为数据库系统。 系统监视用户帐户的网络操作，包括跨多个网络可访问系统的用户帐户访问，确定用户帐户转换，以及确定指示妥协的不同类型的高风险用户行为。 可以通过网络可访问系统从生成的信息获得网络动作，并且在包括上下文的附加数据集之间进行关联。 生成描述用户帐户的网络动作的用户界面，并且被配置用于用户交互，其导致生成更新的用户界面和访问电子数据源以确定与用户交互相关的信息。

公开(公告)号：US09456000B1

公开(公告)日：2016-09-27

申请号：US15072174

申请日：2016-03-16

Applicant: Palantir Technologies Inc.

Inventor： Ezra Spiro ,  Joseph Staehle ,  Andrew Levine ,  Juan Ricafort ,  Alvaro Morales

IPC: H04L29/06 ,  G06F3/0484 ,  G06F3/0482 ,  G06F17/27 ,  G06F17/30

CPC classification number: H04L63/1425 ,  G06F3/0482 ,  G06F17/3053 ,  G06F17/30864 ,  G06F21/552 ,  H04L51/12 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/1483

Abstract: A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyze those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

Abstract translation: 数据分析系统接收潜在的不需要的电子通信，并将其自动分组在计算高效的数据集群中，自动分析这些数据集群，自动标记和分组这些数据集群，并以优化的方式为分析人员提供自动化分析和分组的结果 。 数据集群的自动化分析可以包括各种标准或规则的自动化应用，以便生成相关数据集群组的有序显示，使得分析人员可以快速有效地评估数据集群。 特别地，可以在交互式用户界面中动态重新分组和/或过滤数据群组，以使分析人员可以快速地在与各种数据集群相关联的信息之间导航，并有效地评估这些数据集群。

公开(公告)号：US09021260B1

公开(公告)日：2015-04-28

申请号：US14473860

申请日：2014-08-29

Applicant: Palantir Technologies Inc.

Inventor： Matthew Falk ,  Timothy Yousaf ,  Joseph Staehle ,  Lucas Lemanowicz ,  Sebastien Noury ,  Robin Lim ,  Michael Glazer

IPC: G06F21/00 ,  G06F21/56 ,  G06F21/62

CPC classification number: G06F21/56 ,  G06F21/6209 ,  G06F21/6218 ,  G06F2221/2101 ,  G06F2221/2107

Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis of may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst such that the analyst may quickly and efficiently evaluate the suspected malware file(s). For example, the analyst may quickly determine one or more characteristics of the suspected malware file(s), whether or not the file(s) is malware, and/or a threat level of the file(s).

Abstract translation: 本公开的实施例涉及可以自动分析可疑的恶意软件文件或文件组的数据分析系统。 可疑恶意软件文件的自动分析可能包括一个或多个自动分析技术。 自动分析可能包括生成和收集与疑似恶意软件文件相关的各种信息项，包括例如计算散列，文件属性，学术分析信息，文件执行信息，第三方分析信息和/或 类似。 分析信息可以自动地与可疑的恶意软件文件相关联，并且可以生成用户界面，其中将各种分析信息项目呈现给人类分析人员，使得分析者可以快速有效地评估可疑的恶意软件文件（ s）。 例如，分析人员可能会快速确定可疑恶意软件文件的一个或多个特征，无论文件是恶意软件，还是文件的威胁级别。