-
Publication number: US11956335B1
Publication date: 2024-04-09
Application number: US17751504
Application date: 2022-05-23
Applicant: Tanium Inc.
Inventor: Naveen Goela, Rishi Kant, Andrew R. White, Christian L. Hunt, David Irwin
IPC: H04L67/75, G06F16/2458, H04L41/12, H04L67/10
CPC classification number: H04L67/75, G06F16/2477, H04L41/12, H04L67/10
Abstract: An application mapping procedure obtains and aggregates application mapping information from a plurality of machines in a distributed system. An application dependency map, including a first layer of application mapping information, is initialized, and then a first query is sent to one or more of the machines. In response, information identifying entities that have participated in predefined communications with entities identified in an existing layer of application mapping information in the application dependency map is received, and a second layer of application mapping information is added to the application dependency map, based at least in part on the information received in response to the first query. After adding the second layer of application mapping information to the application dependency map, a second query is sent to one or more of the endpoint machines, the second query being based at least in part on the application dependency map.
-
Publication number: US11343355B1
Publication date: 2022-05-24
Application number: US16943291
Application date: 2020-07-30
Applicant: Tanium Inc.
Inventor: Naveen Goela, Rishi Kant, Andrew R. White, Christian L. Hunt, David Irwin
Abstract: An application mapping procedure obtains and aggregates application mapping information from a plurality of machines in a distributed system. A first layer of application mapping information is generated, identifying application entry points, each comprising a machine and a process executed by the identified machine. An application map is initialized with the first layer of application mapping information. A plurality of iterations of a predefined map gathering operation are performed, each iteration adding a layer of application mapping information to the application map, thereby producing an application map of the distributed processing of one or more respective applications. Each iteration sends queries, via one or more linear communication orbits, to machines in the distributed system, and obtains from the machines information identifying entities that have participated in predefined communications with entities identified in a most recently generated or added layer of application mapping information.
-
Publication number: US10929345B2
Publication date: 2021-02-23
Application number: US16532391
Application date: 2019-08-05
Applicant: Tanium Inc.
Inventor: Joshua F. Stoddard, John R. Coates, Naveen Goela, Aaron J. Tarter, Christian L. Hunt
IPC: G06F16/14, G06F16/182, H04L29/08
Abstract: In a distributed system, each of N machines receives a similarity search query through a linear communication orbit. The similarity search query includes token identifiers corresponding to tokens in a target document. Each machine, in response, identifies files that meet predefined similarity criteria with respect to the target document. Subsequent to receiving the similarity search query, the machine generates a first report, including a count of files stored at the machine that meet the predefined similarity criteria with respect to the target document, and/or information identifying a set of files that meet the predefined similarity criteria with respect to the target document; and sends the first report to a server through the linear communication orbit. The server produces a merged report presenting information with respect to files at a set of machines, including the N machines, that meet the predefined similarity criteria with respect to the target document.
-
Publication number: US11886229B1
Publication date: 2024-01-30
Application number: US17182083
Application date: 2021-02-22
Applicant: Tanium Inc.
Inventor: Naveen Goela, Joshua F. Stoddard, John R. Coates, Christian L. Hunt, Adam Mustafa
IPC: G06F16/14, G06F16/13, G06F16/93, G06F16/182, G06F18/22
CPC classification number: G06F16/156, G06F16/137, G06F16/144, G06F16/182, G06F16/93, G06F18/22
Abstract: In a distributed system that includes a collection of machines, a server system generates a global dictionary from sampling responses received from machines in the collection of machines, at least a subset of the sampling responses including information indicating one or more terms in a corpus of information stored at a respective machine in the collection of machines. The global dictionary includes global document frequency values corresponding to the document frequencies of terms in the corpora of information stored in the collection of machines. The server system generates a similarity search query for a target document, the similarity search query including identifiers of terms in the target document and optionally document frequency information for those terms, obtained from the global dictionary, and sends, through one or more linear communication orbits, the similarity search query to one or more respective machines in the collection of machines.