
Distributed digital security system

Patent number
US11616790B2
Publication date
2023-03-28
Applicant
CrowdStrike, Inc. (US CA Irvine)
Inventors
David F. Diehl; Michael Edward Lusignan; Thomas Johann Essebier
IPC classification
H04L9/40; G06F16/2455; G06Q50/26
Technical field
event,data,security,engine,bounding,compute,rally,or,can,client
Region: CA CA Irvine

Abstract

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

Description

A composition operation 302 can be associated with an expected temporally ordered arrival of two pieces of event data 122. For example, the composition operation 302 shown in FIG. 3 can apply when first event data 122A arrives at a first point in time and second event data 122B arrives at a later second point in time. Because the first event data 122A may arrive before the second event data 122B, a rally point 306 can be created and stored when the first event data 122A arrives. The rally point 306 can then be used if and when second event data 122B also associated with the rally point 306 arrives at a later point in time. For example, a composition operation 302 can be defined to create new composition event data 304 from a child process and its parent process, if the parent process executed a command line. In this example, a rally point 306 associated with a first process can be created and stored when first event data 122A indicates that the first process runs a command line. At a later point, new event data 122 may indicate that a second process, with an unrelated parent process different from the first process, is executing. In this situation, the compute engine 102 can determine that a stored rally point 306 associated with the composition does not exist for the unrelated parent process, and not generate new composition event data 304 via the composition operation 302. However, if further event data 122 indicates that a third process, a child process of the first process, has launched, the compute engine 102 would find the stored rally point 306 associated with the first process and generate the new composition event data 304 via the composition operation 302 using the rally point 306 and the new event data 122 about the third process.
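The rally-point flow described above, as an added sketch that is not code from the patent or from CrowdStrike. The event field names, the dictionary-backed rally point store and the sample events are constructed assumptions.

```python
"""Rally-point composition sketch (added example; field names are assumptions)."""

# Constructed sample events, in arrival order.
SAMPLE_EVENTS = [
    # First event data: process 100 runs a command line -> rally point is stored.
    {"type": "command_line", "pid": 100, "cmdline": "tool.exe --run"},
    # Process 200 has an unrelated parent (50) with no rally point -> nothing composed.
    {"type": "process_start", "pid": 200, "parent_pid": 50, "image": "a.exe"},
    # Process 300 is a child of process 100 -> rally point found, composition emitted.
    {"type": "process_start", "pid": 300, "parent_pid": 100, "image": "b.exe"},
]


class CompositionOperation:
    """Joins a parent's command-line event with a later child-process event."""

    def __init__(self):
        self.rally_points = {}  # parent pid -> stored first event data

    def on_event(self, event):
        """Handle one event; return composition event data or None."""
        if event["type"] == "command_line":
            # First half of the composition arrived: create and store a rally point.
            self.rally_points[event["pid"]] = event
            return None
        if event["type"] == "process_start":
            rally = self.rally_points.get(event["parent_pid"])
            if rally is None:
                # No rally point for this parent: do not generate a composition.
                return None
            return {
                "type": "composition",
                "parent_pid": rally["pid"],
                "parent_cmdline": rally["cmdline"],
                "child_pid": event["pid"],
                "child_image": event["image"],
            }
        return None


def compose_stream(events):
    """Feed events in arrival order; return one result per event."""
    op = CompositionOperation()
    return [op.on_event(e) for e in events]


if __name__ == "__main__":
    for result in compose_stream(SAMPLE_EVENTS):
        print(result)
```

Because the composition expects the parent's event first, a child event that arrives before its parent's command-line event finds no rally point and produces nothing in this sketch.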

Claims

1