公开(公告)号：US11698961B2

公开(公告)日：2023-07-11

申请号：US16549261

申请日：2019-08-23

Applicant: Palantir Technologies Inc.

Inventor： Andrew Eggleton ,  Elliot Colquhoun ,  Ranec Highet ,  Xiao Tang ,  Tareq Alkhatib ,  Raj Krishnan ,  Nik Seetharaman ,  Brandon Helms ,  Gautam Punukollu ,  Morten Kromann

IPC: G06F21/00 ,  G06F21/55 ,  G06F21/57

CPC classification number: G06F21/552 ,  G06F21/577 ,  G06F2221/034

Abstract: A method, performed by one or more processors, including receiving a plurality of system event records; processing the plurality of system event records using a set of event detectors to determine that a suspicious system event has occurred; sending, to a client device, a plurality of properties associated with the suspicious system event; receiving, from the client device, a selection indicator indicating a selected one or more properties of the plurality of properties; generating one or more new event detectors based on the selected one or more properties; and adding the one or more new event detectors to the set of event detectors.