-
Publication number: US20240064167A1
Publication date: 2024-02-22
Application number: US18380411
Filing date: 2023-10-16
Applicant: Qualys, Inc.
Inventors: Ganesh Nikam, Akash Shah
IPC classification: H04L9/40, G06F16/951, G06F9/54, G06F9/445, H04L67/133
CPC classification: H04L63/1433, H04L63/1466, G06F16/951, G06F9/547, G06F9/44505, G06F9/541, H04L67/133
Abstract: Methods and systems for securing an application programming interface (API) are presented. The method comprises: receiving API workflow data associated with an API testing tool and generating a scan configuration file using the API workflow data; crawling a collection of API requests by identifying and retrieving a link associated with the collection of API requests; and crawling the link to generate a crawled link response. The method also includes executing one or more vulnerability tests on the crawled link response, including applying at least one passive detection rule to the crawled link response and fuzzing the link. The fuzzed link may be transmitted in a request to an application server, after which scan data indicative of at least one vulnerability associated with a response from the application server may be generated. The scan data may be used to generate a vulnerability report.
-
Publication number: US20240007487A1
Publication date: 2024-01-04
Application number: US18368920
Filing date: 2023-09-15
Applicant: Qualys, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1416, H04L63/1433, H04L63/20, H04L63/1441
Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. Based on the parsing, the method determines one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.
-
Publication number: US20230205888A1
Publication date: 2023-06-29
Application number: US17564293
Filing date: 2021-12-29
Applicant: Qualys, Inc.
CPC classification: G06F21/577, G06F21/566, G06F2221/034
Abstract: A system for testing a security object is disclosed. The system comprises processors and memory storing a plurality of security engines and instructions that, when executed by the processors, cause the system to: access a decision tree comprising a first node and a plurality of second nodes; link a first leaf node of the decision tree with a first security engine; link a second leaf node of the decision tree with a second security engine; receive a security object comprising a digital asset that is attackable using one or more attack execution operations; and test the security object using the decision tree to determine a security threat parameter for the security object. The security threat parameter may be used to prioritize one or more remediation steps for mitigating against the one or more attack execution operations associated with the digital asset.
-
Publication number: US20230156017A1
Publication date: 2023-05-18
Application number: US17525773
Filing date: 2021-11-12
Applicant: Qualys, Inc.
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1466, H04L63/20
Abstract: The present disclosure provides a method and a system for generating a decision tree that tests security event files. The method comprises receiving attack data comprising a plurality of attack execution operations and determining threat attribute data based on the attack data. The method also comprises generating a decision tree using the threat attribute data. The decision tree includes at least one first node and a plurality of second nodes connected to the at least one first node. First nodal data may be generated and assigned to each second node based on one or more threat attributes associated with the threat attribute data. In response to receiving a security event file, the method executes one or more security tests, using the decision tree, on the security event file.
-
Publication number: US10986135B2
Publication date: 2021-04-20
Application number: US16730551
Filing date: 2019-12-30
Applicant: Qualys, Inc.
IPC classification: H04L29/06, G06F16/245, G06F16/2457, G06F16/903, G06F40/205
Abstract: A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data from these scans. The security management system may also receive data from other sources, and, as a result, the system may handle data having many different formats and attributes. When the security management system tries to associate data with assets, there may not be a globally unique identifier that is applicable to all received data. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly correlate data with assets based on attribute information.
-
Publication number: US10958686B2
Publication date: 2021-03-23
Application number: US16384535
Filing date: 2019-04-15
Applicant: Qualys, Inc.
IPC classification: H04L29/06
Abstract: The present disclosure describes enticing a threat actor to execute an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to create a computing environment that entices a first attacker to execute an attack execution operation within a given domain.
-
Publication number: US10229274B2
Publication date: 2019-03-12
Application number: US15918909
Filing date: 2018-03-12
Applicant: Qualys, Inc.
Inventors: Wolfgang Kandek, Holger Kruse, Tigran Gevorgyan, Gregor Glawitsch, Parminder Singh, Kenneth K. Okumura
Abstract: The disclosed principles describe systems and methods for assessing the security posture of a target device, wherein the assessment is performed by a scanning computer in communication with the target device via a communication network. By employing a system or method in accordance with the disclosed principles, distinct advantages are achieved. Specifically, conducting such a remote scan allows the scanner computer to scan the target device without installing client software on the target device. Thus, the disclosed principles reduce the need for internal IT resources to manage the deployment and updates of client software on the target device. Also, conducting a remote scan according to the disclosed principles allows the scan to be performed even if the scanner computer and the target device run different operating systems.
-
Publication number: US10104101B1
Publication date: 2018-10-16
Application number: US15581945
Filing date: 2017-04-28
Applicant: Qualys, Inc.
CPC classification: H04L63/1416, G06F21/56, H04L63/166
Abstract: Embodiments disclosed herein are directed to intelligent malware detection. A scanner server is used to scan an endpoint device for malware. Various attributes and behaviors of the endpoint device are identified in the retrieved scan data. Identified attributes and behaviors are then evaluated according to a malware detection framework, which is used to determine whether (as well as to what extent) the identified attributes and behaviors are indicative of malware. In this manner, potential security risks associated with the malware may be identified. The framework is constructed through a machine learning process that aggregates attributes and behaviors common amongst members of malware families. Advantageously, the framework enables the scanner server to detect unknown variants of known malware families.
-
Publication number: US09591027B2
Publication date: 2017-03-07
Application number: US14624335
Filing date: 2015-02-17
Applicant: Qualys, Inc.
CPC classification: H04L63/20, G06F17/2705, G06F17/30424, G06F17/3053, G06F17/30979, H04L63/1408, H04L63/1433
Abstract: A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data chunks from these scans. The security management system may also receive data chunks from other sources, and, as a result, the system may handle data chunks having many different formats and attributes. When the security management system tries to associate data chunks with assets, there may not be a globally unique identifier that is applicable to all received data chunks. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly match data chunks to assets based on the attribute or attributes that are available within the data chunks.
-
Publication number: US09432392B2
Publication date: 2016-08-30
Application number: US14584876
Filing date: 2014-12-29
Applicant: QUALYS, INC.
Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
CPC classification: H04L63/1433, G06F3/048, G06F2221/2101, G06F2221/2119, H04L63/0281, H04L63/1408, H04L63/1441, H04L63/166, H04L67/02
Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess the current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.