Patent · US Active

Using content stored in an entity behavior catalog in combination with an entity risk score

US11949700B2 · kind B2 · utility

Cited by: 0
References: 12
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 9, 2021
Grant date: Apr 2, 2024
Priority date
Expiry date: Oct 15, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L43/16
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the monitoring comprising monitoring the plurality of electronically-observable actions via a protected endpoint; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; generating a representation of occurrences of a particular event from the plurality of events enacted by the entity; and performing an anomaly detection operation based upon the representation of occurrences of the particular event from the plurality of events enacted by the entity, the anomaly detection operation determining when the representation of occurrences of the particular event exceeds a predetermined threshold.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.