-
Publication (announcement) number: US20250131084A1
Publication (announcement) date: 2025-04-24
Application number: US18491593
Filing date: 2023-10-20
Applicant: VMware, Inc.
Inventor: Jue MO, Aditya CHOUDHARY, Jonathan James OLIVER, Raghav BATTA, Lalit Prithviraj JAIN
Abstract: A computer system comprises a plurality of endpoints at which security agents generate security alerts and a machine-learning (ML) system that receives the security alerts from the endpoints and that separates the security alerts into a plurality of clusters, wherein the ML system is configured to execute on a processor of a hardware platform to: determine that a group of first alerts of the security alerts belongs to a first cluster of the clusters; create a first representative alert from metadata of the first alerts belonging to the first cluster; and in response to a security analytics platform evaluating the first representative alert as being harmless to the computer system, store information indicating that all of the first alerts are harmless.
-
Publication (announcement) number: US20240370533A1
Publication (announcement) date: 2024-11-07
Application number: US18313191
Filing date: 2023-05-05
Applicant: VMware, Inc.
Inventor: Shelly MEHTA, Lalit Prithviraj JAIN, Raghav BATTA, Jonathan James OLIVER
Abstract: A machine-learning (ML) platform at which alerts are received from endpoints and divided into a plurality of clusters, wherein a plurality of alerts in each of the clusters is labeled based on metrics of maliciousness determined at a security analytics platform, the plurality of alerts in each of the clusters representing a population diversity of the alerts, and wherein the ML platform is configured to execute on a processor of a hardware platform to: select an alert from a cluster for evaluation by the security analytics platform; transmit the selected alert to the security analytics platform, and then receive a determined metric of maliciousness for the selected alert from the security analytics platform; and based on the determined metric of maliciousness, label the selected alert and update a rate of selecting alerts from the cluster for evaluation by the security analytics platform.
-
Publication (announcement) number: US20240241945A1
Publication (announcement) date: 2024-07-18
Application number: US18154758
Filing date: 2023-01-13
Applicant: VMware, Inc.
Inventor: Lalit Prithviraj JAIN, Raghav BATTA, Jonathan James OLIVER, Anjali MANGAL
IPC: G06F21/55
CPC classification number: G06F21/552, G06F2221/034
Abstract: A method of correlating alerts that are generated by a plurality of endpoints includes the steps of: collecting alert data of alerts generated by the endpoints; for each endpoint, computing alert sequences based on the collected alert data; training a sequence-based model with the computed alert sequences, to generate a vector representation for each of the alerts; for each alert in a set of alerts generated during a first time period, acquiring a vector representation corresponding thereto, which has been generated by the sequence-based model; and applying a clustering algorithm to the vector representations of the alerts in the set of alerts to generate a plurality of clusters of correlated alerts.