公开(公告)号：US11700303B1

公开(公告)日：2023-07-11

申请号：US17503023

申请日：2021-10-15

Applicant: Tanium Inc.

Inventor： Ryan S. Richards ,  John R. Coates ,  James B. Evans

IPC: H04L67/1097 ,  G06F16/2455

CPC classification number: H04L67/1097 ,  G06F16/24552

Abstract: A server system, coupled to a linear communication orbit, has a plurality of function modules. Each function module is configured to collect data from machines located at nodes of the linear communication orbit, process collected data according to a schema definition to generate result data, and store the result data in a database. Data collection requests, based on the schema definition, are sent through the linear communication orbit to collecting data from a set of machines via the linear communication orbit. In some embodiments, a central data management module of the one or more servers is configured to provide the schema definition to and receive result data reported from the function modules.

公开(公告)号：US11609835B1

公开(公告)日：2023-03-21

申请号：US16943307

申请日：2020-07-30

Applicant: Tanium Inc.

Inventor： Daniel Varga ,  Christian L. Hunt ,  Casey Watson ,  Trever Shick ,  Michelle Rezentes ,  Ryan Catherman ,  Joshua F. Stoddard

IPC: G06F17/00 ,  G06F7/00 ,  G06F11/30 ,  G06F16/22 ,  G06F16/245 ,  G06F11/34 ,  G06F7/14 ,  G06F16/248

Abstract: Performance of a collection of machines, arranged in a linear sequence of machines that form a linear communication orbit (LCO), is monitored. Multiple machines in the LCO receive, via the LCO, a set of rules (or various subsets of the same set of rules), each rule specifying one or a combination of conditions (e.g., a performance metric and corresponding criterion) for satisfying the rule, evaluate those rules with respect to locally occurring events and local processes, and stores results of those evaluations in a local database. In response to a performance query sent to the machines via the LCO, each of the machines returns a report, including information identifying processes whose performance during the specified time period satisfies at least one rule in the set of one or more rules. Those reports are aggregated and used to present performance information to a user.

公开(公告)号：US11277489B2

公开(公告)日：2022-03-15

申请号：US17129638

申请日：2020-12-21

Applicant: Tanium Inc.

Inventor： Max Freilich ,  Andrew R. White ,  Christian L. Hunt ,  Peter Constantine ,  Peter Lincroft

IPC: H04L29/08 ,  H04L67/568 ,  H04L67/1087 ,  H04L41/08

Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.

公开(公告)号：US11172470B1

公开(公告)日：2021-11-09

申请号：US16854844

申请日：2020-04-21

Applicant: Tanium Inc.

Inventor： Thomas R. Guieu ,  Matthew C. Hauck ,  Jason E. Mealins ,  David Hindawi ,  Orion Hindawi ,  Lisa Lippincott ,  Peter Lincroft

IPC: H04W72/04 ,  H04W48/16 ,  H04W24/02 ,  H04W8/00 ,  H04L29/12 ,  H04L29/06 ,  H04L29/08 ,  H04L12/24 ,  H04L12/26 ,  H04L12/751 ,  H04W84/18

Abstract: A method is provided of managing a non-static collection of machines. A first client machine runs a first communication protocol. The non-static collection of machines includes a first linear communication orbit, the first linear communication orbit comprising a sequence of machines that run the first communication protocol, and a second linear communication orbit, the second linear communication orbit comprising a sequence of machines that run a second communication protocol distinct from the first communication protocol. The first client machine receives an instruction from a server to install the second communication protocol, installs the second communication protocol, and then submits a registration request to the server. The first client machine receives, from the server, contact information of a list of potential neighbors. The first client machine then, proactively constructs and maintains a respective local segment of the second linear communication orbit.

公开(公告)号：US11153383B2

公开(公告)日：2021-10-19

申请号：US16443720

申请日：2019-06-17

Applicant: Tanium Inc.

Inventor： Ryan S. Richards ,  John R. Coates ,  James B. Evans

IPC: H04L29/08 ,  G06F16/2455

Abstract: This application is directed to a distributed data processing method performed at a server system coupled to a linear communication orbit. The server system has a plurality of function modules. Each function module is configured to collect data related to a core function from the linear communication orbit. Each function module includes an internal client configured to adaptively perform a set of data processing operations according to a schema definition, including generating a data collection request for collecting raw data items, sending the data collection request through the linear communication orbit, collecting the requested raw data items from a set of machines via the linear communication orbit, and performing analysis on the collected raw data items. In some embodiments, a central data management module of the one or more servers is configured to provide the schema definition to and receive result data reported from the function modules.

公开(公告)号：US10824729B2

公开(公告)日：2020-11-03

申请号：US16033131

申请日：2018-07-11

Applicant: Tanium Inc.

Inventor： James B. Hoscheit ,  Kevin N. Smathers ,  Connor J. Hindley ,  Christian L. Hunt

IPC: G06F21/57 ,  H04L29/06 ,  G06F11/34 ,  H04L12/24 ,  H04L29/08 ,  G06F11/07

Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.

公开(公告)号：US10482242B2

公开(公告)日：2019-11-19

申请号：US15215474

申请日：2016-07-20

Applicant: Tanium Inc.

Inventor： Christian L. Hunt ,  Thomas R. Gissel ,  Aaron Tarter ,  Daniel Floyd ,  Benjamin Hobbs

IPC: G06F21/55 ,  H04L12/26 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  G06F21/57

Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.

公开(公告)号：US20190191426A1

公开(公告)日：2019-06-20

申请号：US16194240

申请日：2018-11-16

Applicant: Tanium Inc.

Inventor： David Hindawi ,  Orion Hindawi ,  Lisa Lippincott ,  Peter Lincroft

IPC: H04W72/04 ,  H04L12/751 ,  H04L12/24 ,  H04L29/08 ,  H04W24/02 ,  H04W8/00 ,  H04W48/16

CPC classification number: H04W72/0406 ,  H04L41/04 ,  H04L41/044 ,  H04L41/082 ,  H04L41/0893 ,  H04L41/12 ,  H04L43/02 ,  H04L43/04 ,  H04L43/0817 ,  H04L43/10 ,  H04L45/02 ,  H04L61/00 ,  H04L63/00 ,  H04L63/20 ,  H04L67/02 ,  H04L67/104 ,  H04L67/1046 ,  H04L67/1048 ,  H04L67/1063 ,  H04L67/1065 ,  H04L67/1072 ,  H04W8/005 ,  H04W24/02 ,  H04W48/16 ,  H04W84/18

Abstract: In one aspect, machines in a managed network implements a set of rules that cause individual machines to directly interact with only a small number of machines in the network (i.e., a local neighborhood within the network), while the independent local actions of the individual machines collectively cause the individual machines to be self-organized into one or more communication orbits without any global control or coordination by a server or an administrator. The communication orbits are used for supporting network, security and system management communications in the managed network.

公开(公告)号：US10111208B2

公开(公告)日：2018-10-23

申请号：US15174850

申请日：2016-06-06

Applicant: Tanium Inc.

Inventor： David Hindawi ,  Orion Hindawi ,  Lisa Lippincott ,  Peter Lincroft

IPC: H04L29/08 ,  H04L29/06 ,  H04L12/24 ,  H04L12/751 ,  H04L12/26 ,  H04W72/04 ,  H04W8/00 ,  H04W24/02 ,  H04W48/16 ,  H04W84/18

Abstract: Machines in a managed network implement a set of rules that cause individual machines to directly interact with only a small number of machines in the network. Independent local actions of the individual machines collectively cause the individual machines to be self-organized into one or more communication orbits without any global control or coordination by a server or an administrator. The communication orbits are used for supporting security management, including, at a first node of the network, receiving a security management message from an upstream neighbor through a respective receiving channel from the upstream neighbor to the first node; performing one or more security management operations in accordance with the security management message received from the upstream neighbor; and forwarding the security management message to a downstream neighbor through a respective propagation channel from the first node to the downstream neighbor.

公开(公告)号：US10095864B2

公开(公告)日：2018-10-09

申请号：US15215483

申请日：2016-07-20

Applicant: Tanium Inc.

Inventor： Christian L. Hunt ,  Thomas R. Gissel ,  Aaron Tarter ,  Daniel Floyd ,  Benjamin Hobbs

IPC: H04L29/06 ,  G06F21/55 ,  H04L12/26 ,  H04L29/08

Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.