-
公开(公告)号:US20210026952A1
公开(公告)日:2021-01-28
申请号:US16549261
申请日:2019-08-23
发明人: Andrew Eggleton , Elliot Colquhoun , Ranec Highet , Xiao Tang , Tareq Alkhatib , Raj Krishnan , Nick Seetharaman , Brandon Helms , Daniel Kelly , Gautam Punukollu , Morten Kromann
摘要: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.
-
公开(公告)号:US20240146758A1
公开(公告)日:2024-05-02
申请号:US18393394
申请日:2023-12-21
发明人: Elliot Colquhoun , Abhishek Agarwal , Andrew Eggleton , Brandon Helms , Carl Ambroselli , Cem Zorlular , Daniel Kelly , Gautam Punukollu , Jeffrey Tsui , Morten Kromann , Nikhil Seetharaman , Raj Krishnan , Samuel Jones , Tareq Alkhatib , Dayang Shi
CPC分类号: H04L63/1433 , G06F8/65 , H04L63/1441 , H04L67/75
摘要: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
-
公开(公告)号:US20240111809A1
公开(公告)日:2024-04-04
申请号:US18525710
申请日:2023-11-30
发明人: Andrew Eggleton , Alexandra Serenhov , Ankit Shankar , Brandon Helms , Brian Keohane , Darren Zhao , Elliot Colquhoun , Gautam Punukollu , Morten Kromann , Nikhil Seetharaman , Ranec Highet , Raj Krishnan , Xiao Tang , Sriram Krishnan , Simon Vahr , Tareq Alkhatib , Thomas Mathew
IPC分类号: G06F16/901 , G06F21/55 , H04L9/40
CPC分类号: G06F16/9024 , G06F21/552 , G06F21/554 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/20
摘要: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
公开(公告)号:US11882145B2
公开(公告)日:2024-01-23
申请号:US17845514
申请日:2022-06-21
发明人: Elliot Colquhoun , Abhishek Agarwal , Andrew Eggleton , Brandon Helms , Carl Ambroselli , Cem Zorlular , Daniel Kelly , Gautam Punukollu , Jeffrey Tsui , Morten Kromann , Nikhil Seetharaman , Raj Krishnan , Samuel Jones , Tareq Alkhatib , Dayang Shi
CPC分类号: H04L63/1433 , G06F8/65 , H04L63/1441 , H04L67/75
摘要: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
-
公开(公告)号:US11874872B2
公开(公告)日:2024-01-16
申请号:US16660217
申请日:2019-10-22
发明人: Andrew Eggleton , Alexandra Serenhov , Ankit Shankar , Brandon Helms , Brian Keohane , Darren Zhao , Elliot Colquhoun , Gautam Punukollu , Morten Kromann , Nikhil Seetharaman , Ranec Highet , Raj Krishnan , Xiao Tang , Sriram Krishnan , Simon Vahr , Tareq Alkhatib , Thomas Mathew
IPC分类号: G06F21/00 , G06F16/901 , H04L9/40 , G06F21/55
CPC分类号: G06F16/9024 , G06F21/552 , G06F21/554 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/20
摘要: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
公开(公告)号:US20230394083A1
公开(公告)日:2023-12-07
申请号:US16660217
申请日:2019-10-22
发明人: Andrew Eggleton , Alexandra Serenhov , Ankit Shankar , Brandon Helms , Brian Keohane , Darren Zhao , Elliot Colquhoun , Gautam Punukollu , Morten Kromann , Nikhil Seetharaman , Ranec Highet , Raj Krishnan , Xiao Tang , Sriram Krishnan , Simon Vahr , Tareq Alkhatib , Thomas Mathew
IPC分类号: H04L9/40
CPC分类号: H04L63/205 , H04L63/1425 , H04L63/1416 , H04L63/145
摘要: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
公开(公告)号:US11698961B2
公开(公告)日:2023-07-11
申请号:US16549261
申请日:2019-08-23
发明人: Andrew Eggleton , Elliot Colquhoun , Ranec Highet , Xiao Tang , Tareq Alkhatib , Raj Krishnan , Nik Seetharaman , Brandon Helms , Gautam Punukollu , Morten Kromann
CPC分类号: G06F21/552 , G06F21/577 , G06F2221/034
摘要: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.
-
公开(公告)号:US20220321595A1
公开(公告)日:2022-10-06
申请号:US17845514
申请日:2022-06-21
发明人: Elliot Colquhoun , Abhishek Agarwal , Andrew Eggleton , Brandon Helms , Carl Ambroselli , Cem Zorlular , Daniel Kelly , Gautam Punukollu , Jeffrey Tsui , Morten Kromann , Nikhil Seetharaman , Raj Krishnan , Samuel Jones , Tareq Alkhatib , Dayang Shi
摘要: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
-
公开(公告)号:US11418529B2
公开(公告)日:2022-08-16
申请号:US16293690
申请日:2019-03-06
发明人: Elliot Colquhoun , Abhishek Agarwal , Andrew Eggleton , Brandon Helms , Carl Ambroselli , Cem Zorlular , Daniel Kelly , Gautam Punukollu , Jeffrey Tsui , Morten Kromann , Nikhil Seetharaman , Raj Krishnan , Samuel Jones , Tareq Alkhatib , Dayang Shi
摘要: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
-
-
-
-
-
-
-
-