	US 12,488,023 B2
	Access logs for network entities type classification
Shiri Margel, Petak Tikva (IL); and Yury Geiler, Holon (IL)
Assigned to Imperva, Inc., San Mateo, CA (US)
Filed by Imperva, Inc., San Mateo, CA (US)
Filed on May 31, 2024, as Appl. No. 18/731,116.
Application 18/731,116 is a continuation of application No. 17/654,040, filed on Mar. 8, 2022, granted, now 12,032,601.
Application 17/654,040 is a continuation of application No. 16/233,074, filed on Dec. 26, 2018, granted, now 11,301,496, issued on Apr. 12, 2022.
Prior Publication US 2024/0320243 A1, Sep. 26, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/28 (2019.01); H04L 9/40 (2022.01); H04L 43/04 (2022.01)

CPC G06F 16/285 (2019.01) [H04L 43/04 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)]

20 Claims

1. A method by a computing system to classify network entities, the method comprising:

receiving, by a first stage classifier of a network entity type classifier, database logs from a database log retriever and enterprise directory information from an enterprise directory information retriever;

attempting to classify, by the first stage classifier during a first stage, a plurality of network entities appearing in the database logs into network entity types based on analyzing the database logs and the enterprise directory information;

clustering, by a clustering component, the plurality of network entities into groups based on host name;

providing an output of the clustering component to a second stage classifier of the network entity type classifier;

classifying, by the second stage classifier during a second stage, one or more network entities of the plurality of network entities that were not able to be classified during the first stage into network entity types based on group types of the groups that the one or more network entities were clustered into; and

outputting a host name and a network entity type of each of the plurality of network entities after the second stage.