US 12,231,443 B2
Analysis of endpoint detect and response data
Agustin Matias March, Cordoba (AR); Raul Osvaldo Robledo, Cordoba (AR); Alejandro Houspanossian, Cordoba (AR); and Gabriel Infante Lopez, Cordoba (AR)
Assigned to Musarubra US LLC, Plano, TX (US)
Filed by Musarubra US LLC, Plano, TX (US)
Filed on Mar. 14, 2023, as Appl. No. 18/121,543.
Application 18/121,543 is a continuation of application No. 16/586,804, filed on Sep. 27, 2019, granted, now 11,621,965.
Prior Publication US 2023/0216868 A1, Jul. 6, 2023
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1416 (2013.01) [G06N 20/00 (2019.01); H04L 63/1425 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of detecting security threats for an enterprise, comprising:
computing commonality baseline metadata records based on multiple time windows;
filtering a first set of endpoint metadata records to identify a subset of metadata records, wherein filtering includes identifying, via machine learning, a delta between the first set of endpoint security metadata records and the commonality baseline metadata records;
based on the filtering designating the subset of metadata records as indicating a potential security threat, wherein designating includes designating the subset of metadata records for human analysis;
identifying command line operations within the endpoint metadata records; and
tokenizing the command line operations into a token, wherein the token is assigned a numerical value.
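The claim above describes a pipeline in general terms: a commonality baseline built from several time windows, a delta filter that singles out records departing from that baseline, designation of those records for human analysis, and numeric tokenization of the command lines involved. The following is an added illustration of that flow in Python, written for this page; it is not the patentee's implementation and does not reproduce the machine-learning model the claim refers to. In its place it uses a simple token-rarity measure (the fraction of historical windows in which a token appeared) as the delta, which is an assumption made here for clarity. The records, hosts, command lines, the `Vocabulary` class and the function names are all constructed for the example.

```python
"""Toy illustration of the claimed pipeline: commonality baseline over
several time windows, delta-based filtering, designation for human
analysis, and numeric tokenization of command lines (example code, not
the patent's implementation)."""
from collections import defaultdict

# Constructed sample endpoint metadata records (not real telemetry).
# Each record carries the time window it was collected in and the process
# command line reported by the endpoint agent.
HISTORICAL_RECORDS = [
    {"window": 1, "host": "ws-01", "cmdline": "svchost.exe -k netsvcs"},
    {"window": 1, "host": "ws-02", "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"window": 2, "host": "ws-01", "cmdline": "svchost.exe -k netsvcs"},
    {"window": 2, "host": "ws-03", "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"window": 3, "host": "ws-02", "cmdline": "svchost.exe -k netsvcs"},
    {"window": 3, "host": "ws-01", "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
]

# The window under analysis; the last two records carry tokens the baseline
# has never seen (constructed, benign-looking examples).
CURRENT_RECORDS = [
    {"window": 4, "host": "ws-01", "cmdline": "svchost.exe -k netsvcs"},
    {"window": 4, "host": "ws-02", "cmdline": "powershell.exe -File C:\\scripts\\cleanup.ps1"},
    {"window": 4, "host": "ws-03", "cmdline": "updater.exe --channel beta --push"},
]


class Vocabulary:
    """Assigns each distinct token a stable numerical value (hypothetical helper)."""

    def __init__(self):
        self.token_to_id = {}

    def ids_for(self, tokens):
        # len() is evaluated before insertion, so each new token gets the next id.
        return [self.token_to_id.setdefault(tok, len(self.token_to_id)) for tok in tokens]


def tokenize_command_line(cmdline):
    """Whitespace tokenization with case folding; paths and flags stay whole."""
    return [tok.lower() for tok in cmdline.split()]


def compute_commonality_baseline(records):
    """For every token, the fraction of historical windows in which it appeared.

    A token seen in every window scores 1.0; one seen in a single window out
    of many scores close to 0. This is the stand-in used here for the
    claim's commonality baseline metadata records.
    """
    windows_per_token = defaultdict(set)
    all_windows = set()
    for rec in records:
        all_windows.add(rec["window"])
        for tok in tokenize_command_line(rec["cmdline"]):
            windows_per_token[tok].add(rec["window"])
    total = len(all_windows)
    return {tok: len(ws) / total for tok, ws in windows_per_token.items()}


def filter_delta(records, baseline, min_commonality=0.5):
    """Keep records whose command line contains tokens below the commonality
    threshold (unseen tokens score 0.0). Each kept record carries the rare
    tokens so an analyst can see why it was designated."""
    flagged = []
    for rec in records:
        rare = [tok for tok in tokenize_command_line(rec["cmdline"])
                if baseline.get(tok, 0.0) < min_commonality]
        if rare:
            flagged.append({**rec, "rare_tokens": rare, "designation": "human_analysis"})
    return flagged


def run_pipeline(historical, current, vocab=None):
    """Baseline -> delta filter -> designation -> numeric tokenization."""
    vocab = vocab or Vocabulary()
    baseline = compute_commonality_baseline(historical)
    flagged = filter_delta(current, baseline)
    for rec in flagged:
        rec["token_ids"] = vocab.ids_for(tokenize_command_line(rec["cmdline"]))
    return baseline, flagged


if __name__ == "__main__":
    _, designated = run_pipeline(HISTORICAL_RECORDS, CURRENT_RECORDS)
    for rec in designated:
        print(rec["host"], rec["rare_tokens"], rec["token_ids"])
```

Two points a practitioner would check before relying on something like this: the threshold and the number of historical windows jointly decide how noisy the output is (a freshly deployed but legitimate script path is flagged exactly like anything else that is new), and numeric token ids are only meaningful if the vocabulary is persisted across runs, otherwise the same command line maps to different values on each execution.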