| CPC G06F 21/554 (2013.01) [G06F 16/951 (2019.01); G06F 21/577 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |

1. A computerized system comprising:
one or more computer processors; and
computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising:
accessing a data structure comprising a plurality of nodes and a plurality of edges, wherein the data structure is a representation of a computing environment;
identifying a target node from the data structure;
traversing a plurality of related nodes connected to the target node based on a set of edges connecting the target node to a plurality of related nodes;
based on traversing the plurality of related nodes, determining that a root-cause condition has been met, wherein the root-cause condition is associated with a node, the root-cause condition corresponds to a suspected or actual originating cause of a malicious activity in the computing environment;
based on determining that the root-cause condition that is associated with the node has been met, identifying a sub-graph of the data structure based on insights associated with the plurality of related nodes plurality of nodes and the plurality of edges of the data structure, wherein the insights of the plurality of related nodes support determining that the root-cause condition has been met; and
notifying an anomaly detection system to output at least a portion of the sub-graph of the data structure.