&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12346447.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,346,447 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Systems, methods, and graphical user interfaces for configuring and implementing computer-executable detection instructions in a cybersecurity threat detection and mitigation platform</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Dan Whalen,  Herndon, VA (US); and  Patrick Edgett,  Westminster, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Expel, Inc.,  Herndon, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Expel, Inc.,  Herndon, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Aug.  2, 2024, as Appl. No. 18/793,483.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/793,483 is a continuation in part of application No. 18/749,222, filed on Jun.  20, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/533,238, filed on Aug.  17, 2023.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/521,968, filed on Jun.  20, 2023.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2025/0036765 A1, Jan.  30, 2025</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/566</b></i> (2013.01)&#xa0;[<i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>19 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12346447-20250701-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method for accelerating a detection of a cybersecurity threat, the method comprising:<div class="claim_text">obtaining, via one or more processors, a third-party security event that involves a digital asset or computing asset of a subscriber;</div>
                <div class="claim_text">generating a technology source-agnostic security event signal for the third-party security event based on routing the third-party security event to an event normalization service;</div>
                <div class="claim_text">identifying, via the one or more processors, a technology source-agnostic security event signal type that corresponds to the technology source-agnostic security event signal in response to generating the technology source-agnostic security event signal;</div>
                <div class="claim_text">retrieving, via the one or more processors, a corpus of computer-executable detection instructions digitally mapped to the technology source-agnostic security event signal type based on querying a detection instructions retrieval application programming interface (API);</div>
                <div class="claim_text">assessing, via the one or more processors, the technology source-agnostic security event signal against each computer-executable detection instruction included in the corpus of computer-executable detection instructions;</div>
                <div class="claim_text">generating, via the one or more processors, a prospective security alert based on the technology source-agnostic security event signal satisfying a set of alerting conditions of one of the computer-executable detection instructions of the corpus of computer-executable detection instructions; and</div>
                <div class="claim_text">instantiating, via the one or more processors, a detection-building graphical user interface for constructing a target automated detection instruction based on receiving a request from a user, wherein the detection-building graphical user interface includes:<div class="claim_text">a plurality of detection-identifying user interface input elements configured to receive, from the user, one or more strings of text that characterize the target automated detection instruction, and</div>
                  <div class="claim_text">a set of user interface buttons, that when operated, is configured to control whether the target automated detection instruction is used for only the subscriber or across all subscribers subscribing to a cybersecurity event detection and response service.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>