US 12,455,966 B1
Cybersecurity threat detection utilizing sensor-based aggregated runtime execution data
Amir Lande Blau, Tel Aviv (IL); Michael Aminov, Givatayim (IL); Arik Nemtsov, New York, NY (US); Udi Reitblat, Tel Aviv (IL); Shahar Yakov, Givatayim (IL); Jonathan Doron, Herzliya (IL); Eliad Peller, Gimzo (IL); and Gal De Leon, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Nov. 27, 2024, as Appl. No. 18/962,559.
Int. Cl. G06F 21/00 (2013.01); G06F 21/56 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/566 (2013.01) [H04L 63/1433 (2013.01)] 15 Claims
 
1. A method for cybersecurity threat detection using an activity baseline generated based on sensor-detected runtime execution data, comprising:
receiving aggregated runtime data from a sensor deployed on a resource in a cloud computing environment;
generating an event log based on the aggregated runtime data, each event in the event log generated by extracting event data from the aggregated runtime data;
generating an activity baseline for a process executed on the resource based on the event log;
defining at least one of an independent variable and at least one of a dependent variable from the event data;
fitting the at least one of defined independent variable and at least one of dependent variable into a linear regression model to predict the activity baseline of a resource for a future time period;
receiving a new event from the sensor; and
determining that the new event is anomalous based on the generated activity baseline.
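The pipeline in claim 1 (aggregated sensor records, an event log extracted from them, a per-process activity baseline, a linear-regression prediction for a future window, and an anomaly decision on a new event), worked through as an added example. This is not the patent's or Wiz's code; the record layout, the choice of window index as the independent variable and per-window event count as the dependent variable, the k-sigma threshold with an absolute floor, and all sample data are constructed assumptions for the illustration.

```python
"""Added example (not the patent's own code): claim 1's pipeline as a
small, self-contained Python program.

aggregated sensor records -> event log -> per-process time series
-> linear-regression baseline -> predicted count for a future window
-> anomaly decision on a new sensor event.
All names, the record layout and the sample data are constructed."""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of aggregated runtime data, as a sensor on one
# resource might batch it: one record per (time window, process, syscall).
RAW_AGGREGATED = [
    {"window": w, "process": "web-api", "syscall": "connect", "count": c}
    for w, c in enumerate([10, 13, 14, 17, 18, 21, 22, 25])
] + [
    {"window": w, "process": "log-shipper", "syscall": "sendto", "count": 40}
    for w in range(8)
]


@dataclass(frozen=True)
class Event:
    window: int
    process: str
    syscall: str
    count: int


@dataclass(frozen=True)
class Baseline:
    slope: float        # events per window
    intercept: float    # predicted count at window 0
    sigma: float        # residual standard deviation of the fit
    last_window: int


def build_event_log(raw: List[dict]) -> List[Event]:
    """Extract one Event per aggregated record (the event-log step)."""
    return [Event(r["window"], r["process"], r["syscall"], int(r["count"]))
            for r in raw]


def fit_linear(xs: List[float], ys: List[float]) -> tuple:
    """Ordinary least squares for y = slope*x + intercept.
    Returns (slope, intercept, sigma); needs >= 3 points for sigma."""
    n = len(xs)
    if n < 3:
        raise ValueError("need at least 3 observations to fit a baseline")
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx if sxx else 0.0
    intercept = my - slope * mx
    rss = sum((y - (slope * x + intercept)) ** 2 for x, y in zip(xs, ys))
    return slope, intercept, math.sqrt(rss / (n - 2))


def generate_baselines(log: List[Event]) -> Dict[str, Baseline]:
    """Per process: independent variable = window index, dependent
    variable = total event count in that window (assumed choice)."""
    per_window: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for e in log:
        per_window[e.process][e.window] += e.count
    baselines = {}
    for proc, series in per_window.items():
        xs = sorted(series)
        slope, intercept, sigma = fit_linear(
            [float(x) for x in xs], [float(series[x]) for x in xs])
        baselines[proc] = Baseline(slope, intercept, sigma, xs[-1])
    return baselines


def predict(b: Baseline, window: int) -> float:
    """Predicted activity level for a (future) window from the fitted line."""
    return b.slope * window + b.intercept


def is_anomalous(new: Event, baselines: Dict[str, Baseline],
                 k: float = 3.0, min_tolerance: float = 5.0) -> bool:
    """Flag the new event if its count deviates from the prediction by more
    than k*sigma, with an absolute floor so a near-perfect fit (sigma ~ 0)
    does not flag every small fluctuation.  A process with no baseline is
    treated as anomalous here; that is a design choice of this example,
    not something the claim specifies."""
    b = baselines.get(new.process)
    if b is None:
        return True
    tolerance = max(k * b.sigma, min_tolerance)
    return abs(new.count - predict(b, new.window)) > tolerance


if __name__ == "__main__":
    bl = generate_baselines(build_event_log(RAW_AGGREGATED))
    for p, b in bl.items():
        print(f"{p}: slope={b.slope:.2f}/window, sigma={b.sigma:.2f}, "
              f"predicted window 8 = {predict(b, 8):.1f}")
    print(is_anomalous(Event(8, "web-api", "connect", 27), bl))   # False
    print(is_anomalous(Event(8, "web-api", "connect", 90), bl))   # True
```

The "new event" is taken here to be the sensor's aggregated count for the process in the next window, which is what the regression actually predicts; a single raw event would first have to be folded into its window before the comparison makes sense. The absolute floor matters in practice: the constant `log-shipper` series fits with zero residual, and without a floor any deviation at all would be flagged.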