US 11,973,793 B2
Bifurcating security event processing
Austin Lee, Burbank, CA (US); and Gerardo Perez, Torrance, CA (US)
Assigned to Rapid7, Inc., Boston, MA (US)
Filed by Rapid7, Inc., Boston, MA (US)
Filed on Jan. 19, 2023, as Appl. No. 18/098,749.
Application 18/098,749 is a continuation of application No. 16/454,617, filed on Jun. 27, 2019, granted, now 11,588,844.
Prior Publication US 2023/0164168 A1, May 25, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/835 (2019.01); G06F 16/84 (2019.01); G06F 21/62 (2013.01); H04L 67/1097 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 16/8373 (2019.01); G06F 16/86 (2019.01); G06F 16/88 (2019.01); G06F 21/62 (2013.01); H04L 67/1097 (2013.01); G06F 2221/21 (2013.01)] 15 Claims
 
1. A method, comprising:
maintaining a document index distinct from a document store implemented on a distributed search cluster, wherein:
the document store stores, as structured or semi-structured documents, user-defined automated tasks to be performed in response to security events, and
the document index stores at least some of the structured or semi-structured documents in the document store;
detecting occurrence of a security event;
intercepting a search request associated with the security event expressed as a domain specific language (DSL) query directed to the distributed search cluster;
without issuing the search request to the distributed search cluster or the document store:
determining that a structured or semi-structured document in the document index matches the DSL query in the search request; and
answering the search request using the structured or semi-structured document in the document index.
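The bifurcation claimed above, as an added illustration that is not code from the patent or from Rapid7: a document index held apart from a (stubbed) distributed search cluster intercepts Elasticsearch-style DSL queries for stored automated-task documents, and the cluster is only issued the request when the index has no matching document. The task documents, the query shapes, the supported DSL subset and the ClusterStub are all constructed here and are assumptions, not the patent's own data structures.

```python
"""Bifurcated processing of security-event search requests.

Added illustration, not code from the patent or from Rapid7. A document
index held apart from a (stubbed) distributed search cluster answers
Elasticsearch-style DSL queries for stored automated-task documents; the
cluster is only queried when the index has no matching document. The task
documents, query shapes and ClusterStub are all constructed here.
"""
from typing import Any, Dict, List, Tuple

# Constructed sample documents: user-defined automated tasks to run when a
# given security event occurs (the "structured or semi-structured documents").
TASK_DOCS: List[Dict[str, Any]] = [
    {"id": "task-1", "event_type": "malware_detected", "severity": "high",
     "action": "isolate_host", "enabled": True},
    {"id": "task-2", "event_type": "brute_force", "severity": "medium",
     "action": "lock_account", "enabled": True},
    {"id": "task-3", "event_type": "malware_detected", "severity": "low",
     "action": "open_ticket", "enabled": False},
]


def matches(clause: Dict[str, Any], doc: Dict[str, Any]) -> bool:
    """Evaluate a subset of the Elasticsearch query DSL against one document.

    Supported clauses: match_all, term, terms, exists, bool (must, filter,
    should, must_not). Anything else raises rather than being treated as a
    hit, so an unsupported query falls through to the cluster untouched.
    """
    if "match_all" in clause:
        return True
    if "term" in clause:
        ((field, value),) = clause["term"].items()
        return doc.get(field) == value
    if "terms" in clause:
        ((field, values),) = clause["terms"].items()
        return doc.get(field) in values
    if "exists" in clause:
        return clause["exists"]["field"] in doc
    if "bool" in clause:
        b = clause["bool"]
        required = b.get("must", []) + b.get("filter", [])
        if not all(matches(c, doc) for c in required):
            return False
        if any(matches(c, doc) for c in b.get("must_not", [])):
            return False
        should = b.get("should", [])
        # Elasticsearch default: a should clause is only required when the
        # bool query carries no must/filter clauses.
        if should and not required and not any(matches(c, doc) for c in should):
            return False
        return True
    raise ValueError(f"unsupported DSL clause: {sorted(clause)}")


class DocumentIndex:
    """Index maintained apart from the cluster; holds a subset of its documents."""

    def __init__(self, docs: List[Dict[str, Any]]):
        self._docs = list(docs)

    def lookup(self, dsl: Dict[str, Any]) -> List[Dict[str, Any]]:
        return [d for d in self._docs if matches(dsl["query"], d)]


class ClusterStub:
    """Stand-in for the distributed search cluster; records every query it is sent."""

    def __init__(self, docs: List[Dict[str, Any]]):
        self._docs = list(docs)
        self.queries_received: List[Dict[str, Any]] = []

    def search(self, dsl: Dict[str, Any]) -> List[Dict[str, Any]]:
        self.queries_received.append(dsl)
        try:
            return [d for d in self._docs if matches(dsl["query"], d)]
        except ValueError:
            return []  # a real cluster evaluates clauses this stub does not


def query_for_event(event_type: str) -> Dict[str, Any]:
    """Build the DSL query a detected security event triggers:
    the enabled tasks registered for that event type."""
    return {"query": {"bool": {"filter": [
        {"term": {"event_type": event_type}},
        {"term": {"enabled": True}},
    ]}}}


def handle_search(dsl: Dict[str, Any], index: DocumentIndex,
                  cluster: ClusterStub) -> Tuple[List[Dict[str, Any]], str]:
    """Intercept a DSL query. Answer from the index when it holds a matching
    document; otherwise (no match, or a clause the index cannot evaluate)
    issue the request to the cluster. Returns (documents, "index" | "cluster")."""
    try:
        hits = index.lookup(dsl)
    except ValueError:
        hits = []
    if hits:
        return hits, "index"
    return cluster.search(dsl), "cluster"


if __name__ == "__main__":
    index = DocumentIndex(TASK_DOCS)
    cluster = ClusterStub(TASK_DOCS)
    for event in ("malware_detected", "port_scan"):
        docs, source = handle_search(query_for_event(event), index, cluster)
        print(event, "->", [d["id"] for d in docs], "from", source)
    print("cluster queries issued:", len(cluster.queries_received))
```

Two caveats a practitioner would add. The claim only requires the index to hold "at least some" of the store's documents, so an index-answered request is complete only when the index is known to hold every document that could match that query class (here, every task for a given event type); otherwise the shortcut silently returns a partial result set. And because the interceptor answers before the request reaches the cluster, any tenancy or access-control filtering the cluster would have applied has to be enforced in the interceptor as well, or the local index becomes a way around it.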