白丝美女被狂躁免费视频网站,500av导航大全精品,yw.193.cnc爆乳尤物未满,97se亚洲综合色区,аⅴ天堂中文在线网官网

Distributed digital security system

專利號(hào)
US11616790B2
公開日期
2023-03-28
申請(qǐng)人
CrowdStrike, Inc.(US CA Irvine)
發(fā)明人
David F. Diehl; Michael Edward Lusignan; Thomas Johann Essebier
IPC分類
H04L9/40; G06F16/2455; G06Q50/26
技術(shù)領(lǐng)域
event,data,security,engine,bounding,compute,rally,or,can,client
地域: CA CA Irvine

摘要

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

說明書

FIG. 9 depicts an example of a storage processor 810 sending event data 122 to a corresponding compute engine 102. As described above, the compute engine 102 can process incoming event data 122 based on refinement operations 202, composition operations 302, and/or other operations. However, in some examples, the compute engine 102 may not initially be able to perform one or more of these operations on certain event data 122. For example, if a particular operation of the compute engine 102 compares attributes in event data 122 about different processes to identify which parent process spawned a child process, the compute engine 102 may not be able to perform that particular operation if the compute engine 102 has received event data 122 about the child process but has not yet received event data 122 about the parent process.

In these types of situations, in which the compute engine 104 receives first event data 122 but expects related second event data 122 to arrive later that may be relevant to an operation, the compute engine 104 can issue a claim check 902 to the storage processor 810. The claim check 902 can indicate that the compute engine 104 is expecting second event data. 122 to arrive that may be related to first event data 122 that has already arrived, and that the storage processor 810 should resend the first event data 122 to the compute engine 104 along with the second event data 122 if and when the second event data 122 arrives. In some examples, the claim check 902 can identify the first and/or second event data 122 using a key, identifier, string value, and/or any other type of attribute.

權(quán)利要求

1
微信群二維碼
意見反饋