US 11,997,122 B2
Systems and methods for analyzing cybersecurity events
Michael Lowney, Arlington, VA (US); Phillip Baker Schafer, Columbia, MD (US); Alexander Michael Conn, Arlington, VA (US); Patrick Collard, Arlington, VA (US); and Stephen Kinser, Arlington, VA (US)
Assigned to IronNet Cybersecurity, Inc., McLean, VA (US)
Filed by IronNet Cybersecurity, Inc., McLean, VA (US)
Filed on Oct. 3, 2022, as Appl. No. 17/958,625.
Application 17/958,625 is a continuation of application No. 16/742,975, filed on Jan. 15, 2020, granted, now 11,477,223.
Prior Publication US 2023/0033117 A1, Feb. 2, 2023
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01)
14 Claims
 
1. A method of analyzing cybersecurity events in at least one network environment in real time comprising steps of:
receiving, in real time, data originating from the at least one network environment;
processing, in real time, the received data producing a plurality of events in response to the processing;
normalizing and transforming features of the plurality of events into a single representative feature type;
creating feature hashes as a function of feature vectors comprising using multiple hashing functions that preserve locality of feature vectors;
inserting the plurality of events and corresponding feature vectors into a hash table;
finding candidate correlated events comprising looking up events having a prescribed similarity metric in the hash table;
storing the candidate correlated events having been found in a data store.
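
As an added illustration (not code from the patent or from IronNet), the normalizing, hashing, insertion and lookup steps of claim 1 can be demonstrated with random-hyperplane locality-sensitive hashing, one common locality-preserving scheme; the claim does not name a specific hash family. The feature names, scales, cosine threshold and sample events are constructed assumptions, and the real-time ingestion and data-store steps are left out.

```python
import math
import random
from collections import defaultdict

# Constructed sample events; feature names and scales are assumptions for this example.
SCALES = {"bytes_out_kb": 1000.0, "conn_count": 100.0, "distinct_ports": 50.0, "off_hours": 1.0}
EVENTS = {
    "e1": {"bytes_out_kb": 12, "conn_count": 96, "distinct_ports": 1, "off_hours": True},
    "e2": {"bytes_out_kb": 13, "conn_count": 95, "distinct_ports": 1, "off_hours": True},
    "e3": {"bytes_out_kb": 2, "conn_count": 40, "distinct_ports": 48, "off_hours": False},
    "e4": {"bytes_out_kb": 900, "conn_count": 3, "distinct_ports": 2, "off_hours": False},
}

def to_vector(event):
    """Cast every feature to float, scale it, and return a unit-length vector."""
    vec = [float(event[name]) / scale for name, scale in SCALES.items()]
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]

class LshIndex:
    """Random-hyperplane LSH: one hash function (set of hyperplanes) per table."""
    def __init__(self, dim, tables=8, bits=4, seed=7):
        rng = random.Random(seed)
        self.planes = [[[rng.gauss(0, 1) for _ in range(dim)] for _ in range(bits)]
                       for _ in range(tables)]
        self.buckets = [defaultdict(list) for _ in range(tables)]
        self.vectors = {}

    def _keys(self, vec):
        # Sign of each projection is one hash bit; nearby vectors share most bits.
        for planes in self.planes:
            yield tuple(sum(p * x for p, x in zip(plane, vec)) >= 0 for plane in planes)

    def insert(self, event_id, vec):
        self.vectors[event_id] = vec
        for table, key in zip(self.buckets, self._keys(vec)):
            table[key].append(event_id)

    def candidates(self, vec, min_cosine=0.95):
        hits = set()
        for table, key in zip(self.buckets, self._keys(vec)):
            hits.update(table.get(key, ()))
        # Confirm each bucket hit against the prescribed similarity metric.
        return sorted(e for e in hits
                      if sum(a * b for a, b in zip(vec, self.vectors[e])) >= min_cosine)

def build_index(events):
    index = LshIndex(dim=len(SCALES))
    for event_id, event in events.items():
        index.insert(event_id, to_vector(event))
    return index
```

Bucket collisions only nominate candidates; the exact cosine check in `candidates` removes false positives, while a similar event that shares no bucket in any table is missed, which is why several tables are used.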