US 12,341,797 B1
Composite events indicative of multifaceted security threats within a compute environment
David Nellinger Adamson, Oakland, CA (US); Ting-Fang Yen, Palo Alto, CA (US); Andrew D. Twigg, Belmont, CA (US); Isha Singhal, Milpitas, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Lacework, Inc., Mountain View, CA (US)
Filed on Mar. 31, 2023, as Appl. No. 18/129,243.
Application 18/129,243 is a continuation in part of application No. 18/119,045, filed on Mar. 8, 2023, granted, now 11,882,141.
Application 18/119,045 is a continuation of application No. 17/510,179, filed on Oct. 25, 2021, granted, now 11,637,849, issued on Apr. 25, 2023.
Application 17/510,179 is a continuation of application No. 16/786,822, filed on Feb. 10, 2020, granted, now 11,157,502, issued on Oct. 26, 2021.
Application 16/786,822 is a continuation of application No. 16/134,806, filed on Sep. 18, 2018, granted, now 10,614,071, issued on Apr. 7, 2020.
Claims priority of provisional application 63/394,765, filed on Aug. 3, 2022.
Claims priority of provisional application 63/351,607, filed on Jun. 13, 2022.
Claims priority of provisional application 63/333,751, filed on Apr. 22, 2022.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. G06F 7/00 (2006.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
20 Claims
1. A method comprising:
detecting, by a data platform monitoring a compute environment, a first event that occurs within the compute environment and is associated with a first alert score;
detecting, by the data platform, a second event that occurs within the compute environment and is associated with a second alert score;
identifying, by the data platform, an affiliation between the first event and the second event based on a predefined criteria of a multifaceted security threat; and
presenting, by the data platform based on the identifying of the affiliation, the first and second events as a composite event indicative of the multifaceted security threat and associated with a third alert score different from the first and second alert scores.