US 12,489,770 B1
Agent-based monitoring of a registry space of a compute asset within a compute environment
Maximilien P. Fechner, Arlington, MA (US); Rushikesh P. Patil, Maharashtra (IN); Shawn J. Marriott, St. Catharines, CA (US); Antons Rebguns, Austin, TX (US); Joseph M. Wilder, Natick, MA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Aug. 31, 2022, as Appl. No. 17/900,468.
Application 17/900,468 is a continuation in part of application No. 17/893,721, filed on Aug. 23, 2022, granted, now 12,363,148.
Application 17/893,721 is a continuation in part of application No. 17/504,311, filed on Oct. 18, 2021, granted, now 11,677,772.
Application 17/504,311 is a continuation of application No. 16/665,961, filed on Oct. 28, 2019, granted, now 11,153,339, issued on Oct. 19, 2021.
Application 16/665,961 is a continuation of application No. 16/134,794, filed on Sep. 18, 2018, granted, now 10,581,891, issued on Mar. 30, 2020.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 63/239,288, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,275, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,310, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,262, filed on Aug. 31, 2021.
Claims priority of provisional application 63/392,300, filed on Jul. 26, 2022.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/2455 (2019.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/00 (2013.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/566 (2013.01); G06F 21/568 (2013.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)] 29 Claims
 
1. A method comprising:
monitoring, by a data platform, a compute asset within a compute environment, the monitoring including receiving registry data collected, by an agent deployed to the compute asset, from a registry space of the compute asset;
determining, by the data platform based on the registry data collected by the agent, that a change within the registry space of the compute asset is associated with a security threat to the compute asset, including determining that value data associated with an autorun registry key within the registry space has been changed to cause executable program code designated by the value data to automatically be executed upon occurrence of an autorun event associated with the autorun registry key; and
performing, by the data platform based on the determining that the change within the registry space is associated with the security threat, an action configured to facilitate remediation of the security threat.
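The claim above describes a data-platform-side check over agent-collected registry data: detect that an autorun key's value data now designates executable program code, then drive a remediation action. The following is an added illustration of that detection step in Python; it is not code from the patent or from Fortinet. It assumes (my assumptions, not the patent's) that the agent reports each registry value as a dict with the fields `key`, `name` and `data`, that the platform retains a prior snapshot to diff against, and that the autorun key list and executable-extension heuristic below are a reasonable starting point rather than an exhaustive catalogue. The two snapshots are constructed sample data.

```python
"""Detect suspicious changes to autorun registry keys from agent-collected snapshots.

Added example, not code from the patent or from Fortinet. The record schema
({'key', 'name', 'data'}), the autorun key list and the extension heuristic are
assumptions; the snapshots at the bottom are constructed sample data.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Registry keys whose value data Windows launches on logon/boot (assumed, non-exhaustive list).
AUTORUN_KEYS = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",  # Shell / Userinit values
}

# File extensions that result in code execution when the value data is launched.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".com"}

# Interpreters / host binaries that run whatever payload follows them on the command line.
LAUNCHER_NAMES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "powershell.exe",
                  "cmd.exe", "wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    old_data: str | None  # None when the value did not exist in the baseline
    new_data: str
    reason: str
    action: str           # remediation the platform would drive (restore or delete)


def _first_token(data: str) -> str:
    """Return the program portion of a command-line style value (handles quoted paths)."""
    s = data.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def designates_executable(data: str) -> bool:
    """True if the value data names something Windows would execute as program code."""
    program = ntpath.basename(_first_token(data)).lower()
    if program in LAUNCHER_NAMES or ntpath.splitext(program)[1] in EXECUTABLE_EXTENSIONS:
        return True
    # Launchers may carry the payload as a later argument, e.g. "rundll32.exe x.dll,Entry",
    # and Winlogon\Shell may be a comma-separated list of programs.
    exts = tuple(EXECUTABLE_EXTENSIONS)
    return any(tok.lower().rstrip('",') .endswith(exts) for tok in data.split())


def index_snapshot(records: list[dict]) -> dict[tuple[str, str], str]:
    """Map (key, value name) -> data for autorun keys only; all other keys are ignored."""
    return {(r["key"], r["name"]): r["data"] for r in records if r["key"] in AUTORUN_KEYS}


def detect_autorun_changes(baseline: list[dict], current: list[dict]) -> list[Finding]:
    """Diff two agent snapshots; report autorun values whose data changed or appeared
    such that it now designates executable program code run on the autorun event."""
    before = index_snapshot(baseline)
    after = index_snapshot(current)
    findings: list[Finding] = []
    for (key, name), new_data in after.items():
        old_data = before.get((key, name))
        if old_data == new_data:
            continue  # unchanged since the baseline snapshot
        if not designates_executable(new_data):
            continue  # changed, but not to something that executes code
        if old_data is None:
            reason = "new autorun value designating executable code"
            action = f"delete value '{name}' under {key}; collect {_first_token(new_data)} for analysis"
        else:
            reason = "existing autorun value redirected to executable code"
            action = f"restore value '{name}' under {key} to baseline data {old_data!r}"
        findings.append(Finding(key, name, old_data, new_data, reason, action))
    return findings


# Constructed sample snapshots (not real telemetry).
_RUN_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
_RUN_HKCU = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
_WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
BASELINE_SNAPSHOT = [
    {"key": _RUN_HKLM, "name": "SecurityHealth", "data": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"key": _WINLOGON, "name": "Shell", "data": "explorer.exe"},
    {"key": _RUN_HKCU, "name": "OneDrive", "data": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"key": r"HKCU\SOFTWARE\SomeApp", "name": "Theme", "data": "dark"},
]
CURRENT_SNAPSHOT = [
    {"key": _RUN_HKLM, "name": "SecurityHealth", "data": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"key": _WINLOGON, "name": "Shell", "data": r"explorer.exe, C:\Users\Public\updater.exe"},  # redirected
    {"key": _RUN_HKCU, "name": "OneDrive", "data": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"key": _RUN_HKCU, "name": "Updater", "data": r"C:\Users\Public\updater.exe"},  # newly created
    {"key": r"HKCU\SOFTWARE\SomeApp", "name": "Theme", "data": "light"},  # non-autorun key, ignored
    {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "name": "Note", "data": "hello world"},  # not executable
]

if __name__ == "__main__":
    for f in detect_autorun_changes(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT):
        print(f"[{f.reason}] {f.key}\\{f.name}: {f.old_data!r} -> {f.new_data!r}\n    action: {f.action}")
```

Running the module prints two findings for the constructed data (the redirected `Winlogon\Shell` value and the new `Updater` value) and skips the non-autorun key and the non-executable RunOnce string. Comparing against a retained baseline rather than just the current state is what lets the platform distinguish a long-standing, expected autorun entry from a change, which is the event the claim keys on.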