US 12,219,070 B2
Method, product, and system for generating detection signatures based on attack paths in a computer network identified using a software representation that embodies network configuration and policy data for security management using detection signature templates
Nicolas Beauchesne, Honolulu, HI (US); Sohrob Kazerounian, Brookline, MA (US); William Stow Finlayson, IV, Cherry Hill, NJ (US); and Karl Matthew Lynn, San Jose, CA (US)
Assigned to Vectra AI, Inc., San Jose, CA (US)
Filed by Vectra AI, Inc., San Jose, CA (US)
Filed on Apr. 1, 2022, as Appl. No. 17/711,903.
Prior Publication US 2023/0318845 A1, Oct. 5, 2023
Int. Cl. H04L 9/32 (2006.01); H04L 47/70 (2022.01); H04L 47/762 (2022.01)
CPC H04L 9/3247 (2013.01) [H04L 47/762 (2013.01); H04L 47/827 (2013.01); H04L 47/828 (2013.01)]
24 Claims
1. A method comprising:
identifying a plurality of candidate triggers selected for implementation as detection signatures, wherein the plurality of candidate triggers correspond to state-to-state transitions identified by analyzing a software representation of a computer network, the software representation represents actions that can be taken on the computer network, and the software representation of the computer network was generated based on network configuration data and network policy data that specify access rights; and
processing one or more candidate triggers of the plurality of candidate triggers to generate detection signature instances, wherein each of the one or more candidate triggers are processed by:
selecting a respective candidate trigger of the one or more candidate triggers;
identifying a corresponding detection signature template;
duplicating the corresponding detection signature template; and
modifying the duplicate detection signature template to form a respective detection signature.
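
The per-trigger loop of claim 1, sketched as an added illustration; it is not code from the patent or from Vectra AI. The policy records, template fields, and function names are hypothetical, and the sample data is constructed.

```python
import copy

# Constructed policy data (assumption): access rights as permitted actions between hosts.
POLICY = [
    {"principal": "svc-backup", "action": "smb_write", "src": "backup01", "dst": "fileserver"},
    {"principal": "alice", "action": "rdp_login", "src": "workstation7", "dst": "jumphost"},
    {"principal": "alice", "action": "ssh_login", "src": "jumphost", "dst": "db01"},
]

# Hypothetical detection signature templates, keyed by action type.
# Fields set to None are the slots filled in per trigger.
TEMPLATES = {
    "rdp_login": {"name": "rdp-login",
                  "match": {"proto": "tcp", "dport": 3389, "src": None, "dst": None, "user": None}},
    "ssh_login": {"name": "ssh-login",
                  "match": {"proto": "tcp", "dport": 22, "src": None, "dst": None, "user": None}},
}

def candidate_triggers(policy):
    """Treat each permitted action as a state-to-state transition (src -> dst)."""
    return [{"from_state": p["src"], "to_state": p["dst"],
             "action": p["action"], "principal": p["principal"]} for p in policy]

def generate_signatures(triggers, templates):
    """Return (signature instances, triggers that had no matching template)."""
    signatures, skipped = [], []
    for trig in triggers:                          # select a candidate trigger
        template = templates.get(trig["action"])   # identify its template
        if template is None:
            skipped.append(trig)                   # coverage gap, reported not dropped
            continue
        # Duplicate with a deep copy: a shallow copy would share the nested
        # "match" dict, so filling one instance would alter the template itself.
        sig = copy.deepcopy(template)
        # Modify the duplicate to form the detection signature instance.
        sig["name"] = f'{template["name"]}:{trig["from_state"]}->{trig["to_state"]}'
        sig["match"].update(src=trig["from_state"], dst=trig["to_state"],
                            user=trig["principal"])
        signatures.append(sig)
    return signatures, skipped

if __name__ == "__main__":
    sigs, skipped = generate_signatures(candidate_triggers(POLICY), TEMPLATES)
    for s in sigs:
        print(s)
    print("no template for:", [t["action"] for t in skipped])
```

Returning the skipped triggers separately makes it visible which transitions have no detection coverage yet.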