US 10,397,273 B1
Threat intelligence system
Thomas Charles Stickle, Saint James, NY (US); and Shane Anil Pereira, Bellevue, WA (US)
Assigned to AMAZON TECHNOLOGIES, INC., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Aug. 3, 2017, as Appl. No. 15/668,627.
Int. Cl. H04L 29/06 (2006.01)
CPC H04L 63/1491 (2013.01) 18 Claims
OG exemplary drawing
 
1. A system, comprising:
one or more hardware computing devices in communication with a first electronic data store and configured to execute specific computer-executable instructions that upon execution cause the system to:
receive a request from a first user to deploy a sensor;
use information describing virtual machine images used by the first user to configure a first sensor;
cause the first sensor to be launched within a virtual network of the first user with a first network connection that facilitates communication between the first sensor and one or more remote endpoints outside of the virtual network;
receive first activity information sent by the first sensor;
combine the first activity information with activity information from a second sensor associated with a second user into third activity information;
identify an Internet Protocol (“IP”) address as being a suspected source of malicious computing activity using the third activity;
create threat information that includes the IP address as a suspected source of malicious computing activity; and
make the threat information available to the first user.