-
Publication No.: US20210037027A1
Publication date: 2021-02-04
Application No.: US16943949
Application date: 2020-07-30
Applicant: CrowdStrike, Inc.
IPC classification: H04L29/06
Abstract: Techniques to provide visualizations of possible malicious incidents associated with an event on a host device may include causing presentation of graphics of a process or thread in a user interface. Information about detected events may be transmitted to a computing device that generates the visualizations for presentation to an analyst to verify the malicious incidents. Based on patterns and information conveyed in the visualizations, the computer device or host device may take action to protect operation of the host device caused by the event.
-
Publication No.: US20230164152A1
Publication date: 2023-05-25
Application No.: US18094580
Application date: 2023-01-09
Applicant: CrowdStrike, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1416, H04L63/1425, H04L63/1441
Abstract: Techniques to provide visualizations of possible malicious incidents associated with an event on a host device may include causing presentation of graphics of a process or thread in a user interface. Information about detected events may be transmitted to a computing device that generates the visualizations for presentation to an analyst to verify the malicious incidents. Based on patterns and information conveyed in the visualizations, the computer device or host device may take action to protect operation of the host device caused by the event.
-
Publication No.: US20240078222A1
Publication date: 2024-03-07
Application No.: US17902628
Application date: 2022-09-02
Applicant: Crowdstrike, Inc.
CPC classification: G06F16/2246, G06F16/2379
Abstract: A value is assigned to a rate threshold for adding child nodes to a distinct parent node in a tree data structure. A first datum comprising a first variable assigned a first value and a second variable assigned a first value is added to the tree at a first timestamp, by adding to the first level in the tree a first parent node representing the first variable assigned the first value and adding to the second level in the tree a first child node representing the second variable assigned the first value and connected by a first directed edge from the first parent node. A second datum comprising the first variable assigned the first value and the second variable assigned a second value is received at a second timestamp. The method blocks adding to the second level in the tree a second child node representing the second variable assigned the second value and connected by a second directed edge from the first parent node when a rate based on the first timestamp and the second timestamp exceeds the rate threshold.
-
Publication No.: US20240007491A1
Publication date: 2024-01-04
Application No.: US17855360
Application date: 2022-06-30
Applicant: CrowdStrike, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1425, H04L63/1441
Abstract: Methods and systems for detecting malicious attacks in a network and preventing lateral movement in the network by identity control are disclosed. According to an implementation, a security appliance may receive telemetry data from an endpoint device collected during a period of time. The security appliance may determine a threat behavior based on the telemetry data. The threat behavior may be associated with a user identity or user account. The security appliance further determines one or more additional user identities based on the user identity connected to the threat behavior. The security appliance may enforce one or more security actions on the user identity and the one or more additional user identities to prevent attacks to a plurality of computing domains from the endpoint device using the one or more additional user identities. The security appliance may be implemented on any network participants including servers, cloud device, cloud-based services/platforms, etc.
-
Publication No.: US11588832B2
Publication date: 2023-02-21
Application No.: US16943949
Application date: 2020-07-30
Applicant: CrowdStrike, Inc.
Abstract: Techniques to provide visualizations of possible malicious incidents associated with an event on a host device may include causing presentation of graphics of a process or thread in a user interface. Information about detected events may be transmitted to a computing device that generates the visualizations for presentation to an analyst to verify the malicious incidents. Based on patterns and information conveyed in the visualizations, the computer device or host device may take action to protect operation of the host device caused by the event.