| CPC G06F 21/566 (2013.01) [G06F 8/41 (2013.01); G06F 9/45558 (2013.01); G06F 21/567 (2013.01); G06F 2009/45587 (2013.01)] | 19 Claims |

|
1. A non-transitory computer readable medium, comprising instructions for generating a packaged behavior rule for behavioral threat detection, the instructions for:
processing a first set of rule instructions to generate a first behavior rule binary, wherein processing comprises:
generating, from the first set of rule instructions, an intermediate language output, wherein the intermediate language output is a representation of the first set of rule instructions and comprises at least one event operation code and at least one halt operation code, wherein the halt operation code indicates a determination with respect to a behavior; and
compiling the intermediate language output to generate the first behavior rule binary;
processing a second set of rule instructions to generate a second behavior rule binary;
generating an event hierarchy for the first behavior rule binary and the second behavior rule binary, wherein the event hierarchy comprises an indication of one or more events processed by the first behavior rule binary and the second behavior rule binary;
generating a launch chain for the first behavior rule binary and the second behavior rule binary, wherein the launch chain comprises an indication that the first behavior rule binary launches the second behavior rule binary;
generating a packaged behavior rule comprising the first behavior rule binary, the second behavior rule binary, information relating to the event hierarchy, and information relating to the launch chain; and
distributing the generated packaged behavior rule to a computing device.
|
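The steps of claim 1 sketched end to end, as an added example that is not code from the patent or its assignee. The rule syntax, opcode numbers, binary encoding, package layout and the `category.event` naming used for the event hierarchy are all assumptions made for illustration; the claim specifies none of them.

```python
import json
import struct

# Hypothetical opcode numbers; the claim names only "event" and "halt" operation codes.
OPCODES = {"EVENT": 1, "LAUNCH": 2, "HALT": 3}

def to_il(source):
    """Lower rule text to intermediate language: a list of (opcode, operand)."""
    il = []
    for line in source.strip().splitlines():
        op, operand = line.split()
        if op.upper() not in OPCODES:
            raise ValueError(f"unknown instruction: {op}")
        il.append((op.upper(), operand))
    ops = {op for op, _ in il}
    if not {"EVENT", "HALT"} <= ops:
        raise ValueError("IL needs at least one EVENT and one HALT")
    return il

def compile_il(il):
    """Encode each instruction as opcode byte + little-endian length + operand."""
    out = bytearray()
    for op, operand in il:
        data = operand.encode()
        out += struct.pack("<BH", OPCODES[op], len(data)) + data
    return bytes(out)

def build_package(rules):
    """Compile every rule and attach event hierarchy and launch chain metadata."""
    ils = {name: to_il(src) for name, src in rules.items()}
    hierarchy, chain = {}, []
    for name, il in ils.items():
        for op, operand in il:
            if op == "EVENT":  # group events as category -> event -> rules
                category, event = operand.split(".", 1)
                hierarchy.setdefault(category, {}).setdefault(event, []).append(name)
            elif op == "LAUNCH":
                if operand not in rules:
                    raise ValueError(f"{name} launches unknown rule {operand}")
                chain.append((name, operand))
    binaries = {name: compile_il(il).hex() for name, il in ils.items()}
    return {"binaries": binaries, "event_hierarchy": hierarchy, "launch_chain": chain}

# Constructed sample rules in a made-up one-instruction-per-line syntax.
RULES = {
    "first": "event process.create\nlaunch second\nhalt inconclusive",
    "second": "event file.write\nevent process.create\nhalt malicious",
}

if __name__ == "__main__":
    print(json.dumps(build_package(RULES), indent=2))
```

Rejecting a rule with no halt instruction, or a launch target that is not in the package, at build time keeps a malformed rule set from being distributed to endpoints.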