-
Publication No.: US20240069948A1
Publication Date: 2024-02-29
Application No.: US17896718
Application Date: 2022-08-26
Applicant: VMware, Inc.
Inventor: Alexander Julian THOMAS, Amit CHOPRA, Anjali MANGAL, Xiaosheng WU, Ereli ERAN
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/4557, G06F2009/45583, G06F2009/45595
Abstract: Mapping of applications by the most common file path in which they are installed or found to be running. Embodiments of the disclosure may determine the most commonly occurring hash values appearing in events generated by a virtualized network. These most commonly occurring hash values may correspond to the hash values of file paths associated with the greatest number of detected events. The database may then be queried to determine the most commonly occurring file path for each of these hash values. A table of such most commonly occurring file paths and their associated hash values may then be compiled and stored. Use of the most commonly occurring file path in lieu of an alert's actual file path may prevent undesired or malicious processes from going undetected by simply adopting a new file path that has yet to be recognized as being associated with undesired behavior.
-
Publication No.: US20230300155A1
Publication Date: 2023-09-21
Application No.: US18322558
Application Date: 2023-05-23
Applicant: VMware, Inc.
Inventor: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/20, H04L63/0263, H04L63/1441
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
-
Publication No.: US20220232032A1
Publication Date: 2022-07-21
Application No.: US17151142
Application Date: 2021-01-16
Applicant: VMware, Inc.
Inventor: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.