US 12,462,023 B2
Threat classification in a streaming system
Andrei Cotiga, Bragaddiru (RO)
Assigned to CrowdStrike, Inc., Sunnyvale, CA (US)
Filed by CrowdStrike, Inc., Sunnyvale, CA (US)
Filed on Jul. 27, 2023, as Appl. No. 18/227,257.
Prior Publication US 2025/0036756 A1, Jan. 30, 2025
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 21/564 (2013.01); G06F 21/566 (2013.01)]
20 Claims
 
1. A system comprising:
one or more processors; and
one or more non-transitory computer-readable media storing computer-executable instructions that, when executed, cause the one or more processors to perform operations comprising:
receiving detection data comprising a) event information in a data stream associated with a computing device, and b) metadata associated with an event;
determining an identifier for the event based at least in part on applying a function to the detection data;
receiving a set of identifiers associated with a set of events from a previous time;
determining a value indicating similarity between the identifier and each identifier in the set of identifiers; and
configuring recommendation data for the computing device based at least in part on the value, the recommendation data including information indicating a portion of the data stream to protect from a future malicious event.
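
The steps of claim 1, sketched as an added example that is not code from the patent or from CrowdStrike. The claim does not name the function or the similarity measure; this sketch assumes a 64-bit SimHash over the event and metadata fields and bitwise agreement as the similarity value. The field names, the `stream_segment` key and the 0.8 threshold are hypothetical.

```python
import hashlib

BITS = 64  # identifier width (assumption)

def simhash(tokens):
    """SimHash: inputs sharing most tokens get identifiers differing in few bits."""
    counts = [0] * BITS
    for tok in tokens:
        h = int.from_bytes(hashlib.sha256(tok.encode()).digest()[:8], "big")
        for i in range(BITS):
            counts[i] += 1 if (h >> i) & 1 else -1
    return sum(1 << i for i in range(BITS) if counts[i] > 0)

def event_identifier(event, metadata):
    """Identifier computed over the detection data: event information plus metadata."""
    tokens = [f"event.{k}={v}" for k, v in sorted(event.items())]
    tokens += [f"meta.{k}={v}" for k, v in sorted(metadata.items())]
    return simhash(tokens)

def similarity(a, b):
    """Fraction of matching bits: 1.0 for equal identifiers, near 0.5 for unrelated ones."""
    return 1 - bin(a ^ b).count("1") / BITS

def recommend(event, metadata, previous_ids, threshold=0.8):
    """Score the new event against every earlier identifier and build recommendation data."""
    ident = event_identifier(event, metadata)
    scores = {pid: similarity(ident, pid) for pid in previous_ids}
    best = max(scores, key=scores.get, default=None)
    hit = best is not None and scores[best] >= threshold
    return {
        "identifier": ident,
        "scores": scores,
        "matched": best if hit else None,
        # Portion of the stream to protect; 'stream_segment' is a hypothetical field.
        "protect": event.get("stream_segment") if hit else None,
    }

if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    meta = {"sensor": "host-01", "severity": "high"}
    old = {"process": "powershell.exe", "parent": "winword.exe",
           "action": "net_connect", "stream_segment": "process-events"}
    new = dict(old, action="file_write")
    history = {event_identifier(old, meta)}
    for ev in (old, new):
        r = recommend(ev, meta, history)
        print(r["matched"] is not None, r["protect"], max(r["scores"].values()))
```

With only a handful of tokens per event the SimHash score is noisy, so a threshold like this would need tuning against real detection data.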