US 12,316,652 B2
Invoking response(s) based on analysis of a dataset obtained from searching a security endpoint
Sulakshan Vajipayajula, Suwanee, GA (US); Paul Coccoli, Marietta, GA (US); and Xiaokui Shu, Ossining, NY (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Jul. 13, 2022, as Appl. No. 17/864,270.
Prior Publication US 2024/0022578 A1, Jan. 18, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1433 (2013.01); H04L 63/145 (2013.01)]
25 Claims
 
1. A computer-implemented method, comprising:
causing a first search to be performed for data on a first security endpoint of a first federated search environment;
organizing information about the first search into steps and variables, wherein a result of performance of the steps includes the variables, wherein the steps include commands iteratively executed during the first search;
running security analytics on a dataset of the data uncovered during the first search;
detecting first behavior on a second security endpoint of a second federated search environment, wherein the first behavior is associated with parameters and metrics of second behavior of the first security endpoint that existed during development of the steps and variables; and
in response to the detection of the first behavior, reusing the steps and variables to perform a second search on a second security endpoint of the second federated search environment,
wherein the reusing the steps and variables to perform the second search includes iteratively executing the commands during the second search.