-
Publication No.: US11968225B2
Publication date: 2024-04-23
Application No.: US17839339
Filing date: 2022-06-13
Applicant: Qualys, Inc.
IPC classification: H04L9/40
CPC classification: H04L63/1433
Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device. The system criticality information indicates one or more: assets associated with the computing device and services associated with the computing device.
-
Publication No.: US11805147B2
Publication date: 2023-10-31
Application No.: US17216572
Filing date: 2021-03-29
Applicant: Qualys, Inc.
CPC classification: H04L63/1433, H04L63/14, H04L63/1425, H04L63/1441
Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.
-
Publication No.: US11706242B2
Publication date: 2023-07-18
Application No.: US17409600
Filing date: 2021-08-23
Applicant: Qualys, Inc.
Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
CPC classification: H04L63/1433, G06F3/048, H04L63/0281, H04L63/1408, H04L63/1441, H04L63/166, H04L67/02, G06F2221/2101, G06F2221/2119
Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.
-
Publication No.: US20220294810A1
Publication date: 2022-09-15
Application No.: US17751236
Filing date: 2022-05-23
Applicant: Qualys, Inc.
IPC classification: H04L9/40
Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.
-
Publication No.: US20220277078A1
Publication date: 2022-09-01
Application No.: US17745733
Filing date: 2022-05-16
Applicant: Qualys, Inc.
IPC classification: G06F21/55
Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.
-
Publication No.: US20220191237A1
Publication date: 2022-06-16
Application No.: US17683214
Filing date: 2022-02-28
Applicant: Qualys, Inc.
Inventors: Ganesh Nikam, Akash Shah
IPC classification: H04L9/40, H04L67/133, G06F16/951, G06F9/54, G06F9/445
Abstract: Methods and systems for securing an application programming interface (API) are presented. The method comprises: receiving API workflow data associated with an API testing tool and generating a scan configuration file using the API workflow data; crawling the collection of API requests by identifying and retrieving a link associated with the collection of API requests; and crawling the link to generate a crawled link response. The method also includes executing one or more vulnerability tests on the crawled link response including applying at least one passive detection rule to the crawled link response and fuzzing the link. The fuzzed link may be transmitted in a request to an application server following which scan data indicative of at least one vulnerability associated with a response from the application server may be generated. The scan data may be used to generate a vulnerability report.
-
Publication No.: US20210243230A1
Publication date: 2021-08-05
Application No.: US17216632
Filing date: 2021-03-29
Applicant: Qualys, Inc.
IPC classification: H04L29/06
Abstract: The present disclosure describes defending against an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to defend against a first attack execution operation executed by a threat-actor.
-
Publication No.: US20210218767A1
Publication date: 2021-07-15
Application No.: US17216572
Filing date: 2021-03-29
Applicant: Qualys, Inc.
IPC classification: H04L29/06
Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.
-
Publication No.: US11012460B2
Publication date: 2021-05-18
Application No.: US15478096
Filing date: 2017-04-03
Applicant: Qualys, Inc.
Inventors: Sean M. Molloy, Terry Ramos, Sumedh Thakar
IPC classification: H04L29/06, G06F16/25, G06F16/907, G06F16/901, G06F16/2457, G06Q10/08, H04L29/08
Abstract: A dynamical hierarchical tagging system connected to a user site through a remote communications network. The system may comprise a master controller, a job management server connected to the master controller, one or more scanners in communication with the job management server, wherein the one or more scanners are configured to scan for one or more user assets located at the user site, resulting in scan results, a scan logic processor connected to the master controller, wherein the scan logic processor is configured to store the scan results in a user database, a tagging logic engine connected to the master controller, wherein the tagging logic engine is configured to tag the scan results stored in the user database, and an indexing logic processor connected to the master controller, wherein the indexing logic processor is configured to search and index the tagged scan results stored in the user database.
-
Publication No.: US10652268B2
Publication date: 2020-05-12
Application No.: US16024726
Filing date: 2018-06-29
Applicant: QUALYS, INC.
Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.