Patent · US Active

Risk event detection using activity and graph-based context for cloud data security posture management

US12321491B2 · kind B2 · utility

0 Cited by
5 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jul 23, 2024
Grant date: Jun 3, 2025
Priority date
Expiry date: Jul 23, 2044

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The technology disclosed relates to a system and method for detecting risk events in a cloud environment that obtains a set of risk signature definitions and deploys an event log scanner to the cloud environment. The event log scanner is configured to detect instances of candidate risk events in accordance with the set of risk signature definitions based on a scan of an event log and to label each detected instance with a signature identifier that identifies one or more risk signatures that correspond to the detected instance. Result metadata indicative of the detected instances is received and, based on the result metadata, context information associated with the detected instances is obtained based on a cloud infrastructure graph. An output is generated representing a classification of one or more of the detected instances of candidate risk events as a risk event based on the context information relative to the set of risk signature definitions.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.