公开(公告)号：US20210026952A1

公开(公告)日：2021-01-28

申请号：US16549261

申请日：2019-08-23

Applicant: Palantir Technologies Inc.

Inventor： Andrew Eggleton ,  Elliot Colquhoun ,  Ranec Highet ,  Xiao Tang ,  Tareq Alkhatib ,  Raj Krishnan ,  Nick Seetharaman ,  Brandon Helms ,  Daniel Kelly ,  Gautam Punukollu ,  Morten Kromann

IPC: G06F21/55 ,  G06F21/57

Abstract: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.

公开(公告)号：US20200322365A1

公开(公告)日：2020-10-08

申请号：US16904944

申请日：2020-06-18

Applicant: Palantir Technologies Inc.

Inventor： Akash Vaswani ,  Asavari Sinha ,  Gautam Punukollu ,  Kyle McLain ,  Vivian Yu

IPC: H04L29/06

Abstract: A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information and combine the weight and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts.

公开(公告)号：US20240146758A1

公开(公告)日：2024-05-02

申请号：US18393394

申请日：2023-12-21

Applicant: Palantir Technologies Inc.

Inventor： Elliot Colquhoun ,  Abhishek Agarwal ,  Andrew Eggleton ,  Brandon Helms ,  Carl Ambroselli ,  Cem Zorlular ,  Daniel Kelly ,  Gautam Punukollu ,  Jeffrey Tsui ,  Morten Kromann ,  Nikhil Seetharaman ,  Raj Krishnan ,  Samuel Jones ,  Tareq Alkhatib ,  Dayang Shi

IPC: H04L9/40 ,  G06F8/65 ,  H04L67/75

CPC classification number: H04L63/1433 ,  G06F8/65 ,  H04L63/1441 ,  H04L67/75

Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.

公开(公告)号：US10728262B1

公开(公告)日：2020-07-28

申请号：US15796529

申请日：2017-10-27

Applicant: Palantir Technologies Inc.

Inventor： Akash Vaswani ,  Asavari Sinha ,  Gautam Punukollu ,  Kyle McLain ,  Vivian Yu

IPC: H04L29/06 ,  G06F3/0482

Abstract: A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information and combine the weight and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts.

公开(公告)号：US11874872B2

公开(公告)日：2024-01-16

申请号：US16660217

申请日：2019-10-22

Applicant: Palantir Technologies Inc.

Inventor： Andrew Eggleton ,  Alexandra Serenhov ,  Ankit Shankar ,  Brandon Helms ,  Brian Keohane ,  Darren Zhao ,  Elliot Colquhoun ,  Gautam Punukollu ,  Morten Kromann ,  Nikhil Seetharaman ,  Ranec Highet ,  Raj Krishnan ,  Xiao Tang ,  Sriram Krishnan ,  Simon Vahr ,  Tareq Alkhatib ,  Thomas Mathew

IPC: G06F21/00 ,  G06F16/901 ,  H04L9/40 ,  G06F21/55

CPC classification number: G06F16/9024 ,  G06F21/552 ,  G06F21/554 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.

公开(公告)号：US11411971B2

公开(公告)日：2022-08-09

申请号：US16904944

申请日：2020-06-18

Applicant: Palantir Technologies Inc.

Inventor： Akash Vaswani ,  Asavari Sinha ,  Gautam Punukollu ,  Kyle McLain ,  Vivian Yu

IPC: H04L29/06 ,  H04L9/40 ,  G06F3/0482

Abstract: A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information and combine the weight and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts.

公开(公告)号：US20240111809A1

公开(公告)日：2024-04-04

申请号：US18525710

申请日：2023-11-30

Applicant: Palantir Technologies Inc.

Inventor： Andrew Eggleton ,  Alexandra Serenhov ,  Ankit Shankar ,  Brandon Helms ,  Brian Keohane ,  Darren Zhao ,  Elliot Colquhoun ,  Gautam Punukollu ,  Morten Kromann ,  Nikhil Seetharaman ,  Ranec Highet ,  Raj Krishnan ,  Xiao Tang ,  Sriram Krishnan ,  Simon Vahr ,  Tareq Alkhatib ,  Thomas Mathew

IPC: G06F16/901 ,  G06F21/55 ,  H04L9/40

CPC classification number: G06F16/9024 ,  G06F21/552 ,  G06F21/554 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.

公开(公告)号：US11882145B2

公开(公告)日：2024-01-23

申请号：US17845514

申请日：2022-06-21

Applicant: Palantir Technologies Inc.

Inventor： Elliot Colquhoun ,  Abhishek Agarwal ,  Andrew Eggleton ,  Brandon Helms ,  Carl Ambroselli ,  Cem Zorlular ,  Daniel Kelly ,  Gautam Punukollu ,  Jeffrey Tsui ,  Morten Kromann ,  Nikhil Seetharaman ,  Raj Krishnan ,  Samuel Jones ,  Tareq Alkhatib ,  Dayang Shi

IPC: H04L9/40 ,  G06F8/65 ,  H04L67/75

CPC classification number: H04L63/1433 ,  G06F8/65 ,  H04L63/1441 ,  H04L67/75

Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.

公开(公告)号：US11770390B2

公开(公告)日：2023-09-26

申请号：US17817828

申请日：2022-08-05

Applicant: Palantir Technologies Inc.

Inventor： Akash Vaswani ,  Asavari Sinha ,  Gautam Punukollu ,  Kyle McLain ,  Vivian Yu

IPC: H04L9/40 ,  G06F3/0482

CPC classification number: H04L63/1416 ,  H04L63/1433 ,  G06F3/0482

Abstract: A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information and combine the weight and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts.

公开(公告)号：US10691756B2

公开(公告)日：2020-06-23

申请号：US15856586

申请日：2017-12-28

Applicant: Palantir Technologies Inc.

Inventor： Satej Soman ,  Duncan Hoffman ,  Salar al Khafaji ,  Jakub Kowalik ,  Pedro Sanzovo ,  Gautam Punukollu

IPC: G06F16/904 ,  G06N7/00 ,  G06F3/0484 ,  G06F16/26 ,  G06T11/20

Abstract: Computer-implemented systems and methods are disclosed for automatically aggregating, analyzing, and presenting probabilities associated with data items. Data items may be associated with probabilities or risks, and the data items may have various characteristics. A grouping of data items may be determined based on these characteristics, and probabilities within groups of data items may be aggregated and analyzed. Aggregated probabilities may be used to determine incremental probabilities for individual data items, to assess cumulative risk associated with a group of data items, and to analyze probabilities associated with a particular data item group. User interfaces may be generated to facilitate selection and grouping of data items, selection of risk models, and analysis of aggregate probabilities.