ANOMALOUS NETWORK MONITORING, USER BEHAVIOR DETECTION AND DATABASE SYSTEM

    Publication No.: US20190081971A1

    Publication date: 2019-03-14

    Application No.: US16186801

    Filing date: 2018-11-12

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

    MALWARE DATA ITEM ANALYSIS
    5.
    Invention application

    Publication No.: US20180046801A1

    Publication date: 2018-02-15

    Application No.: US15726917

    Filing date: 2017-10-06

    Abstract: Embodiments of the present disclosure relate to a data analysis system that may automatically analyze a suspected malware file, or group of files. Automatic analysis of the suspected malware file(s) may include one or more automatic analysis techniques. Automatic analysis may include production and gathering of various items of information related to the suspected malware file(s) including, for example, calculated hashes, file properties, academic analysis information, file execution information, third-party analysis information, and/or the like. The analysis information may be automatically associated with the suspected malware file(s), and a user interface may be generated in which the various analysis information items are presented to a human analyst such that the analyst may quickly and efficiently evaluate the suspected malware file(s). For example, the analyst may quickly determine one or more characteristics of the suspected malware file(s), whether or not the file(s) is malware, and/or a threat level of the file(s).

    SYSTEMS, METHODS, USER INTERFACES, AND COMPUTER-READABLE MEDIA FOR INVESTIGATING POTENTIAL MALICIOUS COMMUNICATIONS
    6.
    Invention application (in force)

    Publication No.: US20170041335A1

    Publication date: 2017-02-09

    Application No.: US15253717

    Filing date: 2016-08-31

    Abstract: A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyzes those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

    Anomalous network monitoring, user behavior detection and database system

    Publication No.: US11470102B2

    Publication date: 2022-10-11

    Application No.: US16186801

    Filing date: 2018-11-12

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

    Systems for computer network security risk assessment including user compromise analysis associated with a network of devices

    Publication No.: US11089043B2

    Publication date: 2021-08-10

    Application No.: US16035956

    Filing date: 2018-07-16

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for computer network security risk assessment. One of the methods includes obtaining compromise likelihoods for user accounts. Information describing a network topology of a network is obtained, with the network topology being nodes each connected by an edge to other nodes, each node being associated with a compromise likelihood, and one or more nodes are high value nodes associated with a compromise value. Unique paths to each of the high value nodes are determined for a particular user account. An expected value for each path is determined based on the compromise likelihood of the particular user account, the compromise likelihood of each node included in the path, the communication weight of each edge included in the path, and the compromise value associated with the high value node. User interface data is generated describing at least one path.