公开(公告)号：US20220374434A1

公开(公告)日：2022-11-24

申请号：US17325097

申请日：2021-05-19

申请人： CrowdStrike, Inc.

发明人： Brent Ryan Nash ,  James Robert Plush ,  Timothy Jason Berger ,  Hyacinth D. Diehl

IPC分类号： G06F16/2455 ,  G06F16/901

摘要： An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.

公开(公告)号：US11836137B2

公开(公告)日：2023-12-05

申请号：US17325097

申请日：2021-05-19

申请人： CrowdStrike, Inc.

发明人： Brent Ryan Nash ,  James Robert Plush ,  Timothy Jason Berger ,  Hyacinth D. Diehl

IPC分类号： G06F16/2455 ,  G06F16/901

CPC分类号： G06F16/24568 ,  G06F16/9024

摘要： An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.

公开(公告)号：US20230229717A1

公开(公告)日：2023-07-20

申请号：US17576734

申请日：2022-01-14

申请人： Crowdstrike, Inc.

发明人： Hyacinth David Diehl ,  Michael Edward Lusignan ,  Brent Ryan Nash ,  Liudmila Nikolaeva ,  Nora Lillian Sandler ,  Garry James Bodsworth

IPC分类号： G06F16/9532 ,  G06F16/9536 ,  H04L9/40

CPC分类号： G06F16/9532 ,  G06F16/9536 ,  H04L63/1408

摘要： An event query host can include one or more processors configured to process an event stream indicating events that occurred on one or more computing devices. The event stream comprises event data that is associated with occurrences of events on the one or more computing devices. The event query host can forward the event data to a first query engine and to a second query engine. The first query engine can determine, based on a set of query definitions, that the forwarded event data is associated with a first query to be executed by the first query engine, and so executes the first query instance associated with the first query. The second query engine can also determine, based on the set of query definitions, that the forwarded event data is associated with a second query to be executed by the second query engine, and so executes the second query instance associated with the second query.