Patent · US Active

SIEM system and methods for exfiltrating event data

US11196759B2 · kind B2 · utility

0 Cited by
3 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jun 26, 2019
Grant date: Dec 7, 2021
Priority date
Expiry date: Mar 2, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G05B19/0428
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.