| CPC H04L 63/1408 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01)] | 2 Claims |

|
1. A computer-based system for use in monitoring data generated by one or more data systems, the system comprising:
a processor; and
non-transitory computer readable media accessible by the processor, wherein the non-transitory computer readable media includes:
a database including:
a first list of known hosts of the one or more data systems and respective relative risk or threat levels for the known hosts;
a second list of known network ranges of the one or more data systems and respective relative risk or threat levels for the known network ranges;
a third list of default relative risk or threat levels for origin host components responsible for initiating an occurrence on the one or more data systems, wherein the third list of default relative risk or threat levels for origin host components responsible for initiating an occurrence on the one or more data systems includes an external host default threat level for when an origin host component is inferred to be an external host and an internal host default threat level for when the origin host component is inferred to be an internal host; and
a fourth list of default relative risk or threat levels for impacted host components that are affected by an occurrence on the one or more data systems; and
a set of computer-readable instructions that are executable by the processor to:
receive data generated by one or more data systems over at least one network;
parse, from the received data, at least one of an origin host identifier associated with an origin host component responsible for initiating an occurrence on the one or more data systems and an impacted host identifier associated with an impacted host component that is affected by an occurrence on the one or more data systems;
determine that the at least one of the parsed origin host identifier or impacted host identifier cannot be used to obtain a relative risk or threat level from the first list; and
access one or more of the second, third and fourth lists to obtain a relative risk or threat level with the at least one of the parsed origin host identifier or impacted host identifier.
|
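The lookup fallback recited in claim 1, as an added example that is not part of the patent text. The lookup order (known host, then most specific network range, then role default), the internal/external inference from a list of internal networks, and all names and level values are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data; every name and level below is an assumption.
KNOWN_HOSTS = {"db01.corp.example": 9, "10.1.2.3": 7}       # first list
KNOWN_RANGES = {"10.1.0.0/16": 6, "10.0.0.0/8": 4}          # second list
ORIGIN_DEFAULTS = {"external": 5, "internal": 2}            # third list
IMPACTED_DEFAULT = 3                                        # fourth list
# Assumption: an origin host is inferred to be internal if it falls in one of these.
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def _as_ip(identifier):
    """Return an ip_address object, or None if the identifier is a hostname."""
    try:
        return ipaddress.ip_address(identifier)
    except ValueError:
        return None


def _in_net(ip, cidr):
    net = ipaddress.ip_network(cidr)
    return net.version == ip.version and ip in net


def resolve_risk(identifier, role):
    """Return (level, source) for a parsed host identifier.

    role is "origin" (initiated the occurrence) or "impacted" (affected by it).
    """
    if role not in ("origin", "impacted"):
        raise ValueError("role must be 'origin' or 'impacted'")
    key = identifier.strip().lower()
    if key in KNOWN_HOSTS:                       # first list: exact host match
        return KNOWN_HOSTS[key], "known_host"
    ip = _as_ip(key)
    if ip is not None:                           # second list: longest prefix wins
        hits = [c for c in KNOWN_RANGES if _in_net(ip, c)]
        if hits:
            best = max(hits, key=lambda c: ipaddress.ip_network(c).prefixlen)
            return KNOWN_RANGES[best], "known_range:" + best
    if role == "impacted":                       # fourth list
        return IMPACTED_DEFAULT, "impacted_default"
    # Third list. Assumption: hostnames that do not parse as an IP address
    # are treated as external, so an unknown origin never gets the lower default.
    internal = ip is not None and any(_in_net(ip, c) for c in INTERNAL_NETS)
    side = "internal" if internal else "external"
    return ORIGIN_DEFAULTS[side], "origin_default_" + side
```

Returning the source alongside the level lets an analyst see whether a score came from an explicit entry or from a default.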