-
Publication number: US20210026952A1
Publication date: 2021-01-28
Application number: US16549261
Filing date: 2019-08-23
Inventors: Andrew Eggleton, Elliot Colquhoun, Ranec Highet, Xiao Tang, Tareq Alkhatib, Raj Krishnan, Nick Seetharaman, Brandon Helms, Daniel Kelly, Gautam Punukollu, Morten Kromann
Abstract: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.
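Added illustration of the detector-feedback loop in the abstract above: run a detector set over event records, hand the properties of a suspicious event to an analyst, and turn the properties they select into a new detector that joins the set. This is example code written for this listing, not the patent's implementation; the event fields, detector names, the equality-on-selected-fields generalisation rule and the sample records are constructed assumptions.

```python
"""Detector set, analyst selection, new detector (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, str]


@dataclass
class Detector:
    name: str
    match: Callable[[Event], bool]


# Constructed sample system event records (not real telemetry).
EVENTS: List[Event] = [
    {"host": "ws-17", "user": "alice", "process": "powershell.exe",
     "parent": "winword.exe", "cmdline": "-enc SQBFAFgA"},
    {"host": "ws-22", "user": "bob", "process": "powershell.exe",
     "parent": "explorer.exe", "cmdline": "Get-ChildItem"},
    {"host": "srv-03", "user": "svc_backup", "process": "cmd.exe",
     "parent": "winword.exe", "cmdline": "/c whoami"},
]

# Initial detector set: a single rule for encoded PowerShell command lines.
DETECTORS: List[Detector] = [
    Detector("encoded_powershell",
             lambda e: e["process"] == "powershell.exe" and "-enc" in e["cmdline"]),
]


def run_detectors(events: List[Event], detectors: List[Detector]):
    """Return (event, detector name) pairs for every event a detector flags."""
    return [(e, d.name) for e in events for d in detectors if d.match(e)]


def properties_for_review(event: Event) -> Dict[str, str]:
    """The property set sent to the client device for the analyst to choose from."""
    return dict(event)


def detector_from_selection(event: Event, selected: List[str], name: str) -> Detector:
    """Build a detector that fires when every selected property equals the
    value it had in the suspicious event (assumed generalisation rule)."""
    wanted = {k: event[k] for k in selected}
    return Detector(name, lambda e: all(e.get(k) == v for k, v in wanted.items()))


def add_detector(detectors: List[Detector], new: Detector) -> List[Detector]:
    """Add the new detector to the set, refusing duplicate names."""
    if any(d.name == new.name for d in detectors):
        raise ValueError(f"detector {new.name!r} already exists")
    detectors.append(new)
    return detectors


def demo():
    """Flag the encoded-PowerShell event, let the analyst pick the parent
    process as the property worth generalising, and re-run with the new
    detector added. The production set is copied, not mutated."""
    suspicious, _ = run_detectors(EVENTS, DETECTORS)[0]
    chosen = [k for k in properties_for_review(suspicious) if k == "parent"]
    new = detector_from_selection(suspicious, chosen, "office_child_process")
    detectors = add_detector(list(DETECTORS), new)
    return run_detectors(EVENTS, detectors)
```

Selecting only `parent` generalises to any child of winword.exe, so the cmd.exe event on srv-03 is now caught too; selecting `parent` together with `host` would pin the new detector to one workstation. That width trade-off is the decision the analyst makes at the selection step, and a duplicate-name check is the minimum guard before a generated detector is added to a live set.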
-
Publication number: US20240111809A1
Publication date: 2024-04-04
Application number: US18525710
Filing date: 2023-11-30
Inventors: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC classes: G06F16/901, G06F21/55, H04L9/40
CPC classes: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
Publication number: US11882145B2
Publication date: 2024-01-23
Application number: US17845514
Filing date: 2022-06-21
Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
CPC classes: H04L63/1433, G06F8/65, H04L63/1441, H04L67/75
Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide, for output on a user interface.
-
Publication number: US20210109983A1
Publication date: 2021-04-15
Application number: US17066922
Filing date: 2020-10-09
IPC classes: G06F16/9532, G06F16/9538, G06F16/951, G06F16/954
Abstract: A method, performed by one or more processors, including: receiving a user query; deriving, based on the user query, a search engine query for use with search engine software and a data access query for use with data access software; sending, to the search engine software, the search engine query to cause the search engine software to locate first data stored in a search engine index; sending, to the data access software, the data access query to cause the data access software to locate second data stored in a distributed data store; receiving, from the search engine software, the first data; and receiving, from the data access software, the second data.
-
Publication number: US20240146758A1
Publication date: 2024-05-02
Application number: US18393394
Filing date: 2023-12-21
Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
CPC classes: H04L63/1433, G06F8/65, H04L63/1441, H04L67/75
Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide, for output on a user interface.
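Added illustration of the infrastructure-plus-scanner join described in this abstract and in the parent record US11882145B2 above: the scanner only reports findings on the hosts it actually scanned, so the inventory is used to extend each finding to every host that provides the same software resource at the same version. This is example code written for this listing, not the patents' implementation; the inventory, the scan results and the finding labels (`FINDING-A`, `FINDING-B`, placeholders rather than real advisories) are constructed.

```python
"""Risk profile from inventory x scanner findings (constructed example)."""
from collections import defaultdict
from typing import Dict, List

# First data: hosts and the software resources (name -> version) each provides.
INVENTORY: Dict[str, Dict[str, str]] = {
    "web-01":  {"nginx": "1.18.0", "openssl": "1.1.1k"},
    "web-02":  {"nginx": "1.25.3", "openssl": "3.0.12"},
    "db-01":   {"postgresql": "13.2", "openssl": "1.1.1k"},
    "bastion": {"openssh": "9.6"},
}

# Second data: what the scanner reported. Only web-01 was in scope, so the
# openssl finding on db-01 is invisible to the scanner on its own.
SCAN_RESULTS: List[Dict[str, object]] = [
    {"host": "web-01", "software": "openssl", "version": "1.1.1k",
     "finding": "FINDING-A", "severity": 7.5},
    {"host": "web-01", "software": "nginx", "version": "1.18.0",
     "finding": "FINDING-B", "severity": 5.3},
]


def affected_resources(scan_results):
    """Map each finding to the (software, version) pairs it was detected in."""
    out = {}
    for r in scan_results:
        entry = out.setdefault(r["finding"], {"resources": set(), "severity": r["severity"]})
        entry["resources"].add((r["software"], r["version"]))
        entry["severity"] = max(entry["severity"], r["severity"])
    return out


def risk_profile(inventory, scan_results):
    """Per finding: hosts the scanner flagged, plus hosts the inventory says
    provide the same resource but that carry no scanner record (unscanned
    or missed). Both subsets are what the UI would list as at risk."""
    per_finding = affected_resources(scan_results)
    detected = defaultdict(set)
    for r in scan_results:
        detected[r["finding"]].add(r["host"])
    profile = {}
    for finding, info in per_finding.items():
        providing = {h for h, sw in inventory.items()
                     if any(sw.get(name) == ver for name, ver in info["resources"])}
        profile[finding] = {
            "severity": info["severity"],
            "detected_on": sorted(detected[finding]),
            "also_at_risk": sorted(providing - detected[finding]),
        }
    return profile


def host_scores(profile):
    """Highest severity touching each host, highest first, for ranking in a UI."""
    scores = defaultdict(float)
    for info in profile.values():
        for host in info["detected_on"] + info["also_at_risk"]:
            scores[host] = max(scores[host], info["severity"])
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))
```

The check a practitioner wants here is the `also_at_risk` set: db-01 never appears in scanner output, yet the inventory shows it provides the same openssl build as the flagged host, so it belongs in the same risk subset. The join is only as good as the version strings on both sides, so normalise them (vendor backport suffixes, package versus upstream versions) before comparing, or the inference silently drops hosts.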
-
Publication number: US11468130B2
Publication date: 2022-10-11
Application number: US17066922
Filing date: 2020-10-09
IPC classes: G06F7/02, G06F16/00, G06F16/9532, G06F16/951, G06F16/9538, G06F16/954, G06F16/13
Abstract: A method, performed by one or more processors, including: receiving a user query; deriving, based on the user query, a search engine query for use with search engine software and a data access query for use with data access software; sending, to the search engine software, the search engine query to cause the search engine software to locate first data stored in a search engine index; sending, to the data access software, the data access query to cause the data access software to locate second data stored in a distributed data store; receiving, from the search engine software, the first data; and receiving, from the data access software, the second data.
-
Publication number: US20210097172A1
Publication date: 2021-04-01
Application number: US17032479
Filing date: 2020-09-25
Inventors: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
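Added illustration of the sandbox step in this abstract: a proposed change is applied to a copy of the production detector, the copy is replayed over a recorded set of system events, and the result is reported as a diff against the production detector so the analyst sees new and lost hits before anything is promoted. This is example code written for this listing, not the patent's implementation; the declarative rule shape (`equals` and `at_least` sections), the modification format and the replay events are constructed assumptions.

```python
"""Sandbox evaluation of a modified detector against a replay set (constructed example)."""
import copy
from typing import Dict, List, Set

Event = Dict[str, object]
Rule = Dict[str, object]

# Production detector: every `equals` field must match exactly, every
# `at_least` field must be a number >= the threshold (assumed rule format).
PRODUCTION_RULE: Rule = {
    "name": "auth_bruteforce",
    "equals": {"event_type": "auth_failure"},
    "at_least": {"failures_in_window": 20},
}

# Constructed replay set of system events (not real telemetry).
REPLAY_EVENTS: List[Event] = [
    {"id": 1, "event_type": "auth_failure", "failures_in_window": 25, "src": "10.0.0.5"},
    {"id": 2, "event_type": "auth_failure", "failures_in_window": 12, "src": "10.0.0.9"},
    {"id": 3, "event_type": "auth_failure", "failures_in_window": 8,  "src": "10.0.0.9"},
    {"id": 4, "event_type": "auth_success", "failures_in_window": 30, "src": "10.0.0.5"},
]


def matches(rule: Rule, event: Event) -> bool:
    """Decide whether one event is indicative of the rule's condition."""
    eq_ok = all(event.get(k) == v for k, v in rule["equals"].items())
    ge_ok = all(isinstance(event.get(k), (int, float)) and event[k] >= v
                for k, v in rule["at_least"].items())
    return eq_ok and ge_ok


def sandbox_modify(rule: Rule, modification: Dict[str, Dict[str, object]]) -> Rule:
    """Apply a modification (new values for the `equals` / `at_least`
    sections) to a deep copy. The production rule object is never touched."""
    candidate = copy.deepcopy(rule)
    for section, changes in modification.items():
        if section not in ("equals", "at_least"):
            raise ValueError(f"cannot modify section {section!r}")
        candidate[section].update(changes)
    return candidate


def evaluate(rule: Rule, events: List[Event]) -> Set[int]:
    """Ids of the replay events the rule flags."""
    return {e["id"] for e in events if matches(rule, e)}


def diff_detectors(production: Rule, candidate: Rule, events: List[Event]):
    """What the analyst reviews: hits both versions agree on, hits only the
    candidate produces, and hits the candidate would lose."""
    before, after = evaluate(production, events), evaluate(candidate, events)
    return {"unchanged": sorted(before & after),
            "new_hits": sorted(after - before),
            "lost_hits": sorted(before - after)}


def demo():
    """Proposed change: lower the brute-force threshold from 20 to 10."""
    candidate = sandbox_modify(PRODUCTION_RULE, {"at_least": {"failures_in_window": 10}})
    return diff_detectors(PRODUCTION_RULE, candidate, REPLAY_EVENTS)
```

The deep copy is the part that matters operationally: the production rule keeps serving live events while the candidate is exercised, and the `lost_hits` list is the regression check that a loosened or tightened rule does not silently drop detections that were firing before.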
-
Publication number: US20240248939A1
Publication date: 2024-07-25
Application number: US18435740
Filing date: 2024-02-07
IPC classes: G06F16/9532, G06F16/13, G06F16/951, G06F16/9538, G06F16/954
CPC classes: G06F16/9532, G06F16/951, G06F16/9538, G06F16/954, G06F16/134
Abstract: A method, performed by one or more processors, includes: receiving, from search engine software, first data. In some examples, the first data includes one or more data records. In some examples, the method further includes deriving, based on the first data, a data access query for locating second data using data extracted from the one or more data records. In some examples, the second data includes one or more data objects. In some examples, the method further includes sending, to data access software, the data access query to cause the data access software to locate the second data stored in a second data store different from a first data store storing the first data.
-
Publication number: US11874872B2
Publication date: 2024-01-16
Application number: US16660217
Filing date: 2019-10-22
Inventors: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC classes: G06F21/00, G06F16/901, H04L9/40, G06F21/55
CPC classes: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
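Added illustration of the object graph in this abstract and in the continuation record US20240111809A1 above: event descriptor objects and entity descriptor objects become nodes, and an edge is created wherever a chosen event property equals a chosen entity property (an IP address on a flow event and on a host entity, a user name on a logon event and on a user entity). This is example code written for this listing, not the patents' implementation; the record shapes, the property-pair link rules and the sample records are constructed assumptions.

```python
"""Event/entity object graph joined on shared property values (constructed example)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed event records, as a log pipeline might emit them.
EVENT_RECORDS: List[Dict[str, str]] = [
    {"event_id": "e1", "kind": "logon", "user": "alice", "host_ip": "10.0.0.5"},
    {"event_id": "e2", "kind": "flow", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},
]
# Constructed entity records, as an asset inventory, directory and intel feed might hold.
ENTITY_RECORDS: List[Dict[str, str]] = [
    {"entity_id": "h1", "type": "host", "ip": "10.0.0.5", "owner": "alice"},
    {"entity_id": "u1", "type": "user", "name": "alice", "dept": "finance"},
    {"entity_id": "x1", "type": "external_ip", "ip": "203.0.113.7", "reputation": "malicious"},
]
# (event property, entity property) pairs whose equal values create an edge (assumption).
LINK_RULES: List[Tuple[str, str]] = [
    ("host_ip", "ip"), ("src_ip", "ip"), ("dst_ip", "ip"), ("user", "name"),
]


class ObjectGraph:
    """Nodes hold descriptor properties; each edge is labelled with the
    property pair that joined its two ends."""

    def __init__(self):
        self.nodes: Dict[str, Dict[str, str]] = {}
        self.edges = defaultdict(set)  # node id -> {(neighbour id, label)}

    def add(self, node_id: str, props: Dict[str, str]) -> None:
        self.nodes[node_id] = props

    def link(self, a: str, b: str, label: str) -> None:
        self.edges[a].add((b, label))
        self.edges[b].add((a, label))

    def neighbours(self, node_id: str, label: str = None) -> List[str]:
        return sorted(n for n, lab in self.edges[node_id] if label is None or lab == label)


def event_descriptor(rec):
    props = dict(rec)
    return "event:" + props.pop("event_id"), props


def entity_descriptor(rec):
    props = dict(rec)
    return "entity:" + props.pop("entity_id"), props


def build_graph(events, entities, rules=LINK_RULES) -> ObjectGraph:
    g = ObjectGraph()
    # Index entities by (entity property, value) so each event joins in O(1)
    # per rule instead of scanning every entity.
    index = defaultdict(list)
    entity_props = {eprop for _, eprop in rules}
    for rec in entities:
        nid, props = entity_descriptor(rec)
        g.add(nid, props)
        for eprop in entity_props:
            if eprop in props:
                index[(eprop, props[eprop])].append(nid)
    for rec in events:
        nid, props = event_descriptor(rec)
        g.add(nid, props)
        for vprop, eprop in rules:
            if vprop in props:
                for target in index.get((eprop, props[vprop]), []):
                    g.link(nid, target, f"{vprop}={eprop}")
    return g


def entities_touching(g: ObjectGraph, entity_id: str) -> List[str]:
    """Two-hop pivot: the events linked to one entity, then every other
    entity those events are linked to."""
    me = "entity:" + entity_id
    events = g.neighbours(me)
    return sorted({n for e in events for n in g.neighbours(e)
                   if n.startswith("entity:")} - {me})
```

The pivot is where the graph earns its keep: starting from host h1, one hop reaches the logon and the outbound flow, and the second hop lands on the user account and on an external address that the intel record marks malicious, a path that a per-event query would have to be written by hand. Keep the link rules explicit, as here; joining on any coincidentally equal value (timestamps, small integers) produces edges that mean nothing.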
-
Publication number: US20230004606A1
Publication date: 2023-01-05
Application number: US17901196
Filing date: 2022-09-01
IPC classes: G06F16/9532, G06F16/951, G06F16/9538, G06F16/954
Abstract: A method, performed by one or more processors, including: receiving a user query; deriving, based on the user query, a search engine query for use with search engine software and a data access query for use with data access software; sending, to the search engine software, the search engine query to cause the search engine software to locate first data stored in a search engine index; sending, to the data access software, the data access query to cause the data access software to locate second data stored in a distributed data store; receiving, from the search engine software, the first data; and receiving, from the data access software, the second data.
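Added illustration covering this abstract, its sibling records US20210109983A1 and US11468130B2 above, and the follow-on record US20240248939A1: one analyst query is split into a full-text query for the search index and a structured query for the data store, both are run, and then values extracted from the search hits drive a second data-access query into the object store. This is example code written for this listing, not the patents' implementation; the query syntax (`field:value` terms plus free text), the in-memory stand-ins for the index and the store, the field tables and the records are constructed assumptions.

```python
"""Hybrid search: index query + data-store query, then pivot (constructed example)."""
import re
from typing import Dict, List, Tuple

# Constructed stand-in for a search-engine index of log lines with a little metadata.
SEARCH_INDEX: List[Dict[str, str]] = [
    {"doc_id": "d1", "host": "web-01", "text": "sshd failed password for alice from 10.0.0.9"},
    {"doc_id": "d2", "host": "web-02", "text": "sshd accepted publickey for alice"},
    {"doc_id": "d3", "host": "web-01", "text": "sshd failed password for root from 10.0.0.9"},
]
# Constructed stand-in for the distributed data store of structured objects.
DATA_STORE: List[Dict[str, object]] = [
    {"object_id": "o1", "type": "user", "name": "alice", "mfa": False},
    {"object_id": "o2", "type": "host", "name": "web-01", "criticality": "high"},
    {"object_id": "o3", "type": "host", "name": "web-02", "criticality": "low"},
]

INDEX_FIELDS = {"host"}           # metadata the index can filter on (assumption)
OBJECT_FIELDS = {"user", "host"}  # prefixes that name objects in the store (assumption)


def derive_queries(user_query: str) -> Tuple[Dict[str, object], List[Dict[str, str]]]:
    """Split one user query into a search-engine query (free-text terms plus
    metadata filters the index supports) and a list of data-access queries."""
    search = {"terms": [], "filters": {}}
    data = []
    for tok in user_query.split():
        m = re.fullmatch(r"(\w+):(\S+)", tok)
        if m and m.group(1) in OBJECT_FIELDS:
            field, value = m.groups()
            data.append({"type": field, "name": value})
            if field in INDEX_FIELDS:
                search["filters"][field] = value
            else:
                search["terms"].append(value.lower())  # index has no such field; match as text
        else:
            search["terms"].append(tok.lower())
    return search, data


def search_engine(index, query) -> List[Dict[str, str]]:
    """Documents passing every metadata filter and containing every term."""
    return [d for d in index
            if all(d.get(f) == v for f, v in query["filters"].items())
            and all(t in d["text"].lower() for t in query["terms"])]


def data_access(store, queries) -> List[Dict[str, object]]:
    """Objects matching any of the structured queries (all fields equal)."""
    return [o for o in store
            if any(all(o.get(k) == v for k, v in q.items()) for q in queries)]


def hybrid_query(user_query: str):
    """First data from the index, second data from the store, in one call."""
    search, data = derive_queries(user_query)
    return search_engine(SEARCH_INDEX, search), data_access(DATA_STORE, data)


def pivot_from_hits(hits, store):
    """Derive a data-access query from values extracted from the search hits
    (here: the hosts the lines were logged on) and resolve it in the store."""
    hosts = sorted({h["host"] for h in hits})
    query = [{"type": "host", "name": h} for h in hosts]
    return query, data_access(store, query)
```

For `user:alice failed password` the index returns the one failed-login line and the store returns the user object, so the analyst sees in one response that the account under brute force has no MFA; the pivot then resolves the hosts named in the hits to their asset records, which is the second-store lookup of US20240248939A1. The field tables are the contract between the two backends: a prefix the index cannot filter on has to degrade to a text term, as `user:` does here, or the two halves of the query silently disagree.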
-