FRAMEWORK FOR INVESTIGATING EVENTS
    Invention publication

    Publication number: US20230421581A1

    Publication date: 2023-12-28

    Application number: US18241663

    Filing date: 2023-09-01

    CPC classification number: H04L63/1416 H04L41/0609 H04L63/1425 H04L63/1433

    Abstract: A method includes accessing events associated with a network and determining an issue based on a correlation of a portion of the events, wherein the issue represents an incident associated with the portion of the events, and wherein the correlation of the portion of the events is based on information associated with the network and at least in part on an event type of the portion of the events. A priority associated with the issue is determined at least based on the event type of the portion of the events. A first event type that is associated with an operational technology (OT) entity has a higher priority than a second event type that is not associated with the OT entity. Data associated with the issue is stored.

    Framework for investigating events

    Publication number: US12184677B2

    Publication date: 2024-12-31

    Application number: US18241663

    Filing date: 2023-09-01

    Abstract: A method includes accessing events associated with a network and determining an issue based on a correlation of a portion of the events, wherein the issue represents an incident associated with the portion of the events, and wherein the correlation of the portion of the events is based on information associated with the network and at least in part on an event type of the portion of the events. A priority associated with the issue is determined at least based on the event type of the portion of the events. A first event type that is associated with an operational technology (OT) entity has a higher priority than a second event type that is not associated with the OT entity. Data associated with the issue is stored.

    AUTOMATIC THREAT ACTOR ATTRIBUTION BASED ON MULTIPLE EVIDENCE

    Publication number: US20240064158A1

    Publication date: 2024-02-22

    Application number: US18121682

    Filing date: 2023-03-15

    CPC classification number: H04L63/1416 H04L63/1425

    Abstract: Systems, methods, and related technologies for threat attribution are described. A method includes accessing network traffic to determine an incident based on a correlation of events as being associated with a same coordinated attack. The incident includes indicators of compromise (IoCs) and Tactics, Techniques and Procedures (TTPs). The method also includes computing a first probability function based on the IoCs, wherein the first probability function comprises a first set of probabilities of attribution for a first list of known threat actors, and computing a second probability function based on the TTPs, wherein the second probability function comprises a second set of probabilities of attribution for a second list of known threat actors. The method also includes generating an aggregate probability function by combining the first probability function and the second probability function, using the aggregate probability function to derive attribution information, and storing the attribution information with the incident.

    FRAMEWORK FOR INVESTIGATING EVENTS

    Publication number: US20210203673A1

    Publication date: 2021-07-01

    Application number: US16729015

    Filing date: 2019-12-27

    Abstract: Systems, methods, and related technologies for determining an issue based on a plurality of events. The determining of an issue may include accessing network traffic from a network and accessing a plurality of events associated with the network traffic. An issue can be determined based on a correlation of a portion of the plurality of events, where the issue represents an incident associated with the portion of the plurality of events. The correlation of the portion of the plurality of events is based on network specific information. Information associated with the issue including the portion of the plurality of events may then be stored.
