&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12373553.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,373,553 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>State-based detection of anomalous API calls within a real-time data stream</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Stanislav Babourine,  Walnut Creek, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Salesforce, Inc.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Salesforce, Inc.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  17, 2021, as Appl. No. 17/478,353.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0090132 A1, Mar.  23, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/55</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/554</b></i> (2013.01)&#xa0;[<i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12373553-20250729-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a processor, perform a method for detecting anomalous data within a real-time data stream, the method comprising:<div class="claim_text">receiving the real-time data stream from a real-time data source, the real-time data stream comprising a plurality of log entries, individual log entries of the plurality of log entries including a plurality of data elements, wherein at least one data element of the plurality of data elements is obtained from an application programming interface (API) call, the real-time data source being a group-based communication system and the real-time data stream including group-based communication data associated with the group-based communication system, the group-based communication data including activity within communication channels by users that are authorized to access the communication channels;</div>
                <div class="claim_text">filtering, as the real-time data stream is being received, the real-time data stream based at least in part on one or more filter criteria to obtain a filtered real-time data stream comprising a subset of the plurality of log entries;</div>
                <div class="claim_text">generating a modified stored state by modifying a stored state corresponding to one or more log entry data elements of a particular type based at least in part on a determination that a log entry of the subset of the plurality of log entries is of the particular type, wherein the modified stored state corresponds to one or more failed log-in attempts by a particular user of the users of the group-based communication system and the particular type corresponds to a count of the one or more failed log-in attempts;</div>
                <div class="claim_text">determining whether the count meets or exceeds a predetermined threshold;</div>
                <div class="claim_text">determining that the modified stored state is an anomalous state based at least in part on the count meeting or exceeding the predetermined threshold; and</div>
                <div class="claim_text">in response to determining that the modified stored state is the anomalous state, taking one or more remediation actions.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>