US 11,757,925 B2
Managing security actions in a computing environment based on information gathering activity of a security threat
Sourabh Satish, Fremont, CA (US); Oliver Friedrichs, Woodside, CA (US); Atif Mahadik, Fremont, CA (US); and Govind Salinas, Sunnyvale, CA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Apr. 27, 2021, as Appl. No. 17/242,165.
Application 17/242,165 is a continuation of application No. 16/736,120, filed on Jan. 7, 2020, granted, now 11,025,664.
Application 16/736,120 is a continuation of application No. 16/107,979, filed on Aug. 21, 2018, granted, now 10,567,424, issued on Feb. 18, 2020.
Application 16/107,979 is a continuation of application No. 15/886,183, filed on Feb. 1, 2018, granted, now 10,193,920, issued on Jan. 29, 2019.
Application 15/886,183 is a continuation of application No. 14/824,262, filed on Aug. 12, 2015, granted, now 9,888,029, issued on Feb. 6, 2018.
Claims priority of provisional application 62/106,830, filed on Jan. 23, 2015.
Claims priority of provisional application 62/106,837, filed on Jan. 23, 2015.
Claims priority of provisional application 62/087,025, filed on Dec. 3, 2014.
Prior Publication US 2021/0250373 A1, Aug. 12, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/55 (2013.01); G06F 16/28 (2019.01); H04L 47/2425 (2022.01)
CPC H04L 63/1441 (2013.01) [G06F 16/285 (2019.01); G06F 21/554 (2013.01); H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 47/2425 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method performed by an advisement system coupled to a computing environment, the computing environment comprising a plurality of computing assets, the method comprising:
identifying a security threat involving the computing environment;
obtaining state information for the security threat;
determining, based on the state information, that the security threat comprises a malicious process in a reconnaissance state in which the malicious process is attempting to gather information about a structure of the computing environment;
identifying a security action for responding to the security threat based on determining that the security threat comprises a malicious process in a reconnaissance state in which the malicious process is attempting to gather information about a structure of the computing environment;
translating the security action into a process to be implemented at a computing asset of the plurality of computing assets; and
initiating implementation of the security action at the computing asset of the plurality of computing assets.
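The flow recited in claim 1, as an added worked example in Python. This is illustrative code written for this page, not the patentee's implementation: the reconnaissance heuristic (many distinct internal targets inside one time window), the action catalogue, the asset inventory, the host-to-address map and the command/API shapes used for the translated processes are all assumptions of the example, and the telemetry is constructed. Initiation is a dry run that returns the per-asset plan instead of executing it.

```python
from dataclasses import dataclass
from enum import Enum


class ThreatState(Enum):
    RECONNAISSANCE = "reconnaissance"   # process is mapping the environment
    UNKNOWN = "unknown"                 # nothing this heuristic recognises


@dataclass(frozen=True)
class Event:
    """One observed connection attempt by a process (telemetry shape is assumed)."""
    ts: float       # seconds
    host: str       # asset the process runs on
    process: str
    dst: str        # target address
    port: int


# Constructed sample telemetry, not real data.  The first set is one process
# sweeping SMB across a /24 inside a few seconds; the second is ordinary mail
# traffic from the same host.
SCAN_EVENTS = [Event(10.0 + i * 0.2, "ws-17", "svchost.exe", f"10.0.5.{i}", 445)
               for i in range(1, 41)]
BENIGN_EVENTS = [Event(10.0 + i, "ws-17", "outlook.exe", "10.0.1.5", 443)
                 for i in range(40)]

# Constructed asset inventory: (asset type, asset name, address).  Types and
# addresses are hypothetical.
ASSETS = [("edr_agent", "ws-17", "10.0.5.200"),
          ("iptables_gateway", "gw-1", "10.0.5.1")]
HOST_ADDR = {"ws-17": "10.0.5.200"}

# Example action catalogue keyed by threat state (a policy assumed here).
ACTIONS = {ThreatState.RECONNAISSANCE: "deny_lateral_connections"}


def determine_state(events, window_s=60.0, distinct_hosts=16):
    """Classify the process from its connection behaviour.

    Heuristic assumed by this example: contacting at least `distinct_hosts`
    different addresses inside one `window_s` window means the process is
    gathering the structure of the environment (reconnaissance state).
    """
    ordered = sorted(events, key=lambda e: e.ts)
    for start in ordered:
        in_window = {e.dst for e in ordered
                     if start.ts <= e.ts < start.ts + window_s}
        if len(in_window) >= distinct_hosts:
            return ThreatState.RECONNAISSANCE
    return ThreatState.UNKNOWN


def identify_action(state):
    """Pick the abstract security action for a state; None if no policy applies."""
    return ACTIONS.get(state)


def translate_action(action, asset, offending_host):
    """Turn an abstract action into the concrete process one asset can run.

    Returns None when the asset cannot implement the action.  The command and
    API shapes below are illustrative, not any vendor's real interface.
    """
    kind, name, _addr = asset
    src = HOST_ADDR[offending_host]
    if action != "deny_lateral_connections":
        return None
    if kind == "edr_agent" and name == offending_host:
        return {"asset": name, "op": "network_isolate", "host": offending_host}
    if kind == "iptables_gateway":
        return {"asset": name,
                "cmd": f"iptables -I FORWARD -s {src} -d 10.0.0.0/8 -j DROP"}
    return None


def respond(events, assets):
    """Run the claimed flow end to end and return (state, planned processes).

    Initiation is a dry run here: the plan is returned rather than executed.
    """
    state = determine_state(events)
    action = identify_action(state)
    if action is None:
        return state, []
    offending_host = events[0].host
    plan = [translate_action(action, asset, offending_host) for asset in assets]
    return state, [p for p in plan if p is not None]


if __name__ == "__main__":
    for label, evs in (("scan", SCAN_EVENTS), ("benign", BENIGN_EVENTS)):
        state, plan = respond(evs, ASSETS)
        print(label, state.value, plan)
```

The separation between `identify_action` (state to abstract action) and `translate_action` (abstract action to an asset-specific process) is the point of the example: the same policy decision fans out into a different concrete step for each asset type, and an asset that cannot implement the action is simply skipped rather than failing the whole response.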