-
Publication (Announcement) No.: US20240205245A1
Publication (Announcement) Date: 2024-06-20
Application No.: US18068484
Application Date: 2022-12-19
Applicant: VMware, Inc.
Inventor: Ritika SINGHAL, Jonathan James OLIVER, Shugao XIA, Aditya CHOUDHARY, Raghav BATTA
CPC classification number: H04L63/1425, G06F9/45558, H04L63/1416, G06F2009/45587, G06F2009/45595
Abstract: A method of filtering out new alerts generated by a security agent installed in an endpoint is based on cluster profile data of clusters that were generated by applying a clustering algorithm to locality-sensitive hash (LSH) values of prior alerts. The method includes the steps of: storing cluster profile data of each cluster that is part of a subset of the clusters; generating an LSH value of a new alert generated by the security agent; and determining that the new alert belongs to one of the clusters in the subset based on the LSH value of the new alert and, in response to said determining, filtering out the new alert from a group of alerts that require further investigation.
-
Publication (Announcement) No.: US20240163307A1
Publication (Announcement) Date: 2024-05-16
Application No.: US17987483
Application Date: 2022-11-15
Applicant: VMware, Inc.
Inventor: Aditya CHOUDHARY, Jonathan James OLIVER, Ritika SINGHAL, Shugao XIA, Raghav BATTA, Amit CHOPRA
IPC: H04L9/40
CPC classification number: H04L63/1441, H04L63/104, H04L63/1433
Abstract: A method of evaluating alerts generated by security agents installed in endpoints includes: receiving a locality-sensitive hash (LSH) value associated with an alert generated by a security agent installed in one of the endpoints; performing a search for centroids that are within a threshold distance from the received LSH value, wherein the centroids are each an LSH value that is representative of one of a plurality of groups of alerts; and assigning a security risk indicator to the alert associated with the received LSH value based on results of the search and transmitting the security risk indicator to a security analytics platform of the endpoints.
-
Publication (Announcement) No.: US20240152622A1
Publication (Announcement) Date: 2024-05-09
Application No.: US17984047
Application Date: 2022-11-09
Applicant: VMware, Inc.
Inventor: Shugao XIA, Ritika SINGHAL, Jonathan James OLIVER, Raghav BATTA, Jue MO, Aditya CHOUDHARY
CPC classification number: G06F21/577, G06F21/552, G06F2221/034
Abstract: A method of scoring alerts generated by a plurality of endpoints includes the steps of: in response to a new alert generated by a first endpoint of the plurality of endpoints, generating an anomaly score of the new alert; identifying a rule that triggered the new alert and determining a threat score associated with the rule; and generating a security risk score for the new alert based on the anomaly score and the threat score and transmitting the security risk score to a security analytics platform of the endpoints.