	US 12,250,238 B2
	Threat detection using cloud resource management logs
Roy Levin, Haifa (IL); Ram Haim Pliskin, Rishon Lezion (IL); and Johnathan Samuel Simon, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jun. 9, 2023, as Appl. No. 18/208,022.
Application 18/208,022 is a continuation of application No. 17/333,534, filed on May 28, 2021, granted, now 11,716,340.
Prior Publication US 2023/0344849 A1, Oct. 26, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 67/10 (2022.01); H04L 67/50 (2022.01)

CPC H04L 63/1425 (2013.01) [H04L 67/10 (2013.01); H04L 67/535 (2022.05)]

20 Claims

1. A method for cloud resource security management, the method comprising:

obtaining a cloud resource management log, the cloud resource management log generated by a portal monitor, the cloud resource management log details actions performed by a group of users on cloud resources through a portal resulting in logged actions, the portal is monitored by the portal monitor, the logged actions comprising log ins of individuals of the group of users, alteration of connections between the cloud resources, and deployment of further cloud resources through the portal;

based on the logged actions,

determining a score for an action of the logged actions;

comparing the score to a specified criterion; and

providing an indication of anomalous action in response to determining the score satisfies the specified criterion.