US 12,333,010 B1
System and method for generating a partitioned view of a security graph in a cloud computing environment
Avihai Berkovitz, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); Roy Reznik, Tel Aviv (IL); Shai Keren, Tel Aviv (IL); and Yinon Costica, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., Palo Alto, CA (US)
Filed on Nov. 11, 2021, as Appl. No. 17/524,437.
Int. Cl. G06F 21/57 (2013.01); G06F 16/21 (2019.01); G06F 16/901 (2019.01)
CPC G06F 21/57 (2013.01) [G06F 16/212 (2019.01); G06F 16/9024 (2019.01); G06F 2221/034 (2013.01)] 19 Claims
 
1. A method for generating a subgraph view of a security graph, comprising:
generating a node in a security graph to represent an element of a first cloud environment based on a predefined data schema, the predefined data schema comprising at least: a principal data object structure and a resource data object structure, wherein the security graph includes a representation of the first cloud environment;
generating a first tag as a data field in a graph database storing therein the security graph, the security graph further including a plurality of nodes, wherein at least a first portion of the plurality of nodes correspond each to a principal, and at least a second portion of the plurality of nodes correspond each to a resource;
selecting a node from the plurality of nodes;
associating the selected node with the generated first tag; and
generating a subgraph, the subgraph comprising at least the selected node associated with the generated first tag and each child node of the at least the selected node.
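The following is an added example, not code from the patent or from Wiz, Inc., showing the method of claim 1 as a small working program: nodes are created against a predefined schema with a principal structure and a resource structure, a tag is stored as a data field on a node, and a subgraph is generated from the tagged node and the nodes beneath it. The schema field names, node identifiers, edge meanings and the tag value are all constructed for illustration. The subgraph routine walks child edges transitively (the selected node plus every descendant reachable along child edges), which generalizes the claim's "each child node" to full depth and is cycle-safe.

```python
from collections import deque
from dataclasses import dataclass, field

# Hypothetical predefined data schema: the required fields of the two data
# object structures named in the claim (principal and resource).
SCHEMA = {
    "principal": {"name", "principal_kind"},   # e.g. user, role, service account
    "resource": {"name", "resource_kind"},     # e.g. vm, bucket, database
}


@dataclass
class Node:
    node_id: str
    node_type: str                                # "principal" or "resource"
    fields: dict                                  # schema-validated attributes
    tags: set = field(default_factory=set)        # the tag data field on the node


class SecurityGraph:
    """Directed graph of a cloud environment: nodes plus parent -> children edges."""

    def __init__(self):
        self.nodes = {}       # node_id -> Node
        self.children = {}    # node_id -> list of child node_ids

    def add_node(self, node_id, node_type, **fields):
        # Enforce the predefined schema before a node enters the graph.
        if node_type not in SCHEMA:
            raise ValueError(f"unknown node type {node_type!r}")
        missing = SCHEMA[node_type] - fields.keys()
        if missing:
            raise ValueError(f"{node_id}: missing schema fields {sorted(missing)}")
        self.nodes[node_id] = Node(node_id, node_type, fields)
        self.children.setdefault(node_id, [])

    def add_edge(self, parent, child):
        if parent not in self.nodes or child not in self.nodes:
            raise KeyError("both endpoints must exist before adding an edge")
        self.children[parent].append(child)

    def tag(self, node_id, tag):
        """Associate a selected node with a tag (stored as a field on the node)."""
        self.nodes[node_id].tags.add(tag)


def generate_subgraph(graph, tag):
    """Return a new SecurityGraph holding every node carrying `tag` plus all
    nodes reachable from them along child edges (breadth-first, cycle-safe)."""
    seeds = [n.node_id for n in graph.nodes.values() if tag in n.tags]
    keep = set(seeds)
    queue = deque(seeds)
    while queue:
        current = queue.popleft()
        for child in graph.children[current]:
            if child not in keep:
                keep.add(child)
                queue.append(child)
    sub = SecurityGraph()
    for nid in keep:
        src = graph.nodes[nid]
        sub.nodes[nid] = Node(nid, src.node_type, dict(src.fields), set(src.tags))
        # Keep only edges whose both endpoints are inside the subgraph.
        sub.children[nid] = [c for c in graph.children[nid] if c in keep]
    return sub


def build_sample_graph():
    """Constructed sample cloud environment (made-up identifiers, not real data)."""
    g = SecurityGraph()
    g.add_node("user:alice", "principal", name="alice", principal_kind="user")
    g.add_node("role:deploy", "principal", name="deploy", principal_kind="role")
    g.add_node("vm:web-1", "resource", name="web-1", resource_kind="vm")
    g.add_node("bucket:logs", "resource", name="logs", resource_kind="bucket")
    g.add_node("db:customers", "resource", name="customers", resource_kind="database")
    g.add_edge("user:alice", "role:deploy")    # alice can assume the deploy role
    g.add_edge("role:deploy", "vm:web-1")      # the role reaches the VM
    g.add_edge("vm:web-1", "bucket:logs")      # the VM writes to the log bucket
    g.add_edge("user:alice", "db:customers")   # alice reaches the DB directly
    g.tag("role:deploy", "prod-review")        # the first tag, on the selected node
    return g


if __name__ == "__main__":
    sub = generate_subgraph(build_sample_graph(), "prod-review")
    for nid, node in sorted(sub.nodes.items()):
        print(nid, node.node_type, "->", sub.children[nid])
```

Running the script prints only the deploy role, the VM and the log bucket; alice and the customer database fall outside the partitioned view because they are not beneath the tagged node, which is what makes the view a reviewable slice of the environment rather than the whole graph.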