&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11874872.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,874,872 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System event detection system and method</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Andrew Eggleton,  Doha (QA);  Alexandra Serenhov,  Stockholm (SE);  Ankit Shankar,  San Francisco, CA (US);  Brandon Helms,  Arnold, MD (US);  Brian Keohane,  New York, NY (US);  Darren Zhao,  New York, NY (US);  Elliot Colquhoun,  Sydney (AU);  Gautam Punukollu,  New York, NY (US);  Morten Kromann,  Copenhagen (DK);  Nikhil Seetharaman,  Palo Alto, CA (US);  Ranec Highet,  Hertfordshire (GB);  Raj Krishnan,  Mumbai (IN);  Xiao Tang,  Singapore (SG);  Sriram Krishnan,  New York, NY (US);  Simon Vahr,  London (GB);  Tareq Alkhatib,  Richmond (CA); and  Thomas Mathew,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palantir Technologies Inc.,  Denver, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palantir Technologies Inc.,  Denver, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  22, 2019, as Appl. No. 16/660,217.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Claims priority of application No. 1914344 (GB), filed on Oct.  4, 2019.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0394083 A1, Dec.  7, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/00</b></i> (2013.01); <i><b>G06F 16/901</b></i> (2019.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>G06F 21/55</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 16/9024</b></i> (2019.01)&#xa0;[<i><b>G06F 21/552</b></i> (2013.01); <i><b>G06F 21/554</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1433</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11874872-20240116-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method, performed by one or more processors, comprising:<div class="claim_text">receiving one or more event records;</div>
                <div class="claim_text">generating, using the one or more event records, an event descriptor object descriptive of one or more potential suspicious system events indicative of a cybersecurity threat occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties;</div>
                <div class="claim_text">receiving one or more entity records;</div>
                <div class="claim_text">generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to a security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties;</div>
                <div class="claim_text">incorporating, into an object graph, the event descriptor object as a first node and the entity descriptor object as a second node;</div>
                <div class="claim_text">in response to determining that a value of an entity property of the plurality of entity properties matches a value of an event property of the plurality of event properties, associating, in the object graph, the event descriptor object with the entity descriptor object; and</div>
                <div class="claim_text">determining a course of action entity descriptor object descriptive of one or more actions for mitigating the cybersecurity threat, wherein the object graph comprises a link between the event descriptor object and the course of action entity descriptor object.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>