-
Publication (announcement) number: US20240111809A1
Publication (announcement) date: 2024-04-04
Application number: US18525710
Filing date: 2023-11-30
Inventors: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC classification: G06F16/901, G06F21/55, H04L9/40
CPC classification: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
Publication (announcement) number: US20210097172A1
Publication (announcement) date: 2021-04-01
Application number: US17032479
Filing date: 2020-09-25
Inventors: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-
Publication (announcement) number: US11874872B2
Publication (announcement) date: 2024-01-16
Application number: US16660217
Filing date: 2019-10-22
Inventors: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC classification: G06F21/00, G06F16/901, H04L9/40, G06F21/55
CPC classification: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
Publication (announcement) number: US20240311471A1
Publication (announcement) date: 2024-09-19
Application number: US18672230
Filing date: 2024-05-23
Inventors: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew, Rushad Heerjee
CPC classification: G06F21/552, G06F21/53, G06F21/566, G06F21/57, G06F2221/2149
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-
Publication (announcement) number: US20230394083A1
Publication (announcement) date: 2023-12-07
Application number: US16660217
Filing date: 2019-10-22
Inventors: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC classification: H04L9/40
CPC classification: H04L63/205, H04L63/1425, H04L63/1416, H04L63/145
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.