US 12,405,849 B1
Transitive identity usage tracking by a data platform
Theodore M. Reed, Berkeley Heights, NJ (US); Sowmya A. Karmali, Tustin, CA (US); Christopher E. Pedigo, Menlo Park, CA (US); Xiaofei Guo, Sunnyvale, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Mar. 30, 2023, as Appl. No. 18/128,833.
Application 18/128,833 is a continuation in part of application No. 18/119,045, filed on Mar. 8, 2023, granted, now 11,882,141.
Application 18/119,045 is a continuation of application No. 17/510,179, filed on Oct. 25, 2021, granted, now 11,637,849, issued on Apr. 25, 2023.
Application 17/510,179 is a continuation of application No. 16/786,822, filed on Feb. 10, 2020, granted, now 11,157,502, issued on Oct. 26, 2021.
Application 16/786,822 is a continuation of application No. 16/134,806, filed on Sep. 18, 2018, granted, now 10,614,071, issued on Apr. 7, 2020.
Claims priority of provisional application 63/440,544, filed on Jan. 23, 2023.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. G06F 11/07 (2006.01); G06F 11/34 (2006.01); G06F 21/60 (2013.01)
CPC G06F 11/0793 (2013.01) [G06F 11/3433 (2013.01); G06F 21/604 (2013.01); G06F 2221/2141 (2013.01)]
16 Claims
 
1. A method comprising:
tracking, by a data platform configured to monitor a compute environment, a plurality of identity transitions that occur over time with respect to an entity, wherein each of the plurality of identity transitions includes a transition by the entity from being associated with one identity to being associated with another identity, the one identity and the another identity having different permission sets with respect to resources within the compute environment, wherein the plurality of identity transitions comprises one or more of:
a first type of identity transition in which the entity uses a first role to assume a second role;
a second type of identity transition in which the entity joins a group that has a different permission set with respect to the resources than the entity; and
a third type of identity transition in which the entity uses a first identity to create a second identity for the entity;
determining, by the data platform while performing the tracking, that an attribute of the plurality of identity transitions satisfies a predetermined criterion; and
performing, by the data platform based on the attribute of the plurality of transitions satisfying the predetermined criterion, a remedial action associated with the entity, wherein the criterion includes determining that the total number of transitions exceeds a threshold.
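
The tracking and threshold check recited in claim 1 can be illustrated with the following added example, which is not code from the patent or from the assignee. The event fields, the identity strings, the sample events, and the use of an alert record as the "remedial action" are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

# The three transition types listed in claim 1 (string labels are assumed).
ASSUME_ROLE, JOIN_GROUP, CREATE_IDENTITY = "assume_role", "join_group", "create_identity"

class Event(NamedTuple):
    ts: int
    kind: str
    from_identity: str
    to_identity: str

class TransitionTracker:
    def __init__(self, threshold: int):
        self.threshold = threshold
        self.root_of = {}                 # derived identity -> originating entity
        self.chains = defaultdict(list)   # originating entity -> its transitions
        self.alerted = set()

    def observe(self, ev: Event):
        """Record one event; return an alert dict when the threshold is first exceeded."""
        if ev.kind not in (ASSUME_ROLE, JOIN_GROUP, CREATE_IDENTITY):
            return None
        root = self.root_of.get(ev.from_identity, ev.from_identity)
        if ev.kind != JOIN_GROUP:
            # A group is shared, so only role sessions and created identities
            # are attributed back to the entity that produced them.
            self.root_of[ev.to_identity] = root
        chain = self.chains[root]
        chain.append(ev)
        if len(chain) > self.threshold and root not in self.alerted:
            self.alerted.add(root)
            return {"entity": root, "transitions": len(chain),
                    "path": [chain[0].from_identity] + [e.to_identity for e in chain]}
        return None

def scan(events, threshold):
    tracker = TransitionTracker(threshold)
    alerts = [a for ev in sorted(events) if (a := tracker.observe(ev))]
    return alerts, tracker

# Constructed sample events (not from the patent).
SAMPLE = [
    Event(100, ASSUME_ROLE, "user/alice", "role/build#s1"),
    Event(110, "login", "user/carol", "user/carol"),
    Event(120, ASSUME_ROLE, "role/build#s1", "role/deploy#s2"),
    Event(130, ASSUME_ROLE, "user/bob", "role/readonly#s3"),
    Event(140, CREATE_IDENTITY, "role/deploy#s2", "user/svc-tmp"),
    Event(150, JOIN_GROUP, "user/svc-tmp", "group/admins"),
]
```

With a threshold of 3, the four-step chain that starts at `user/alice` is flagged on its fourth transition, while the single role assumption by `user/bob` is not.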