US 11,853,779 B2
System and method for distributed security forensics
Liron Levin, Herzliya (IL); Dima Stopel, Herzliya (IL); Ami Bizamcher, Kiryat Ono (IL); Michael Kletselman, Tel Aviv (IL); and John Morello, La, CA (US)
Assigned to Twistlock, Ltd., Herzliya (IL)
Filed by Twistlock, Ltd., Herzliya (IL)
Filed on Oct. 15, 2021, as Appl. No. 17/502,633.
Application 17/502,633 is a continuation of application No. 16/897,951, filed on Jun. 10, 2020, granted, now 11,175,945.
Application 16/897,951 is a continuation of application No. 16/144,320, filed on Sep. 27, 2018, granted, now 10,740,135, issued on Aug. 11, 2020.
Claims priority of provisional application 62/700,586, filed on Jul. 19, 2018.
Prior Publication US 2022/0058050 A1, Feb. 24, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/455 (2018.01); H04L 9/40 (2022.01); G06F 16/23 (2019.01); G06N 20/00 (2019.01); G06F 21/53 (2013.01); G06F 9/445 (2018.01); G06F 21/51 (2013.01); G06F 21/54 (2013.01); G06F 18/214 (2023.01)
CPC G06F 9/455 (2013.01) [G06F 9/44505 (2013.01); G06F 9/45558 (2013.01); G06F 16/2379 (2019.01); G06F 18/214 (2023.01); G06F 21/51 (2013.01); G06F 21/53 (2013.01); G06F 21/54 (2013.01); G06N 20/00 (2019.01); H04L 63/20 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for efficient distributed security forensics using process path codes, comprising:
creating, at a host device configured to run a virtualization entity, an event index for the virtualization entity;
encoding a plurality of events related to the virtualization entity, wherein each event includes a process having a process path; and
updating the event index based on the encoded plurality of events.
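Worked illustration of what claim 1 recites: a host-side index per virtualization entity whose stored events carry a small integer code for the process path instead of the path string. This is an added example written for this page, not Twistlock's implementation, and everything beyond the claim language is an assumption: the first-seen-first-numbered codebook, the posting-list layout, the parent-pid lineage walk, and the sample events (constructed, not real telemetry).

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """One runtime event observed on the host for a virtualization entity (container)."""
    container_id: str
    process_path: str   # absolute path of the executable that performed the action
    pid: int
    ppid: int
    action: str         # assumed vocabulary: "exec", "open", "connect"
    detail: str         # argument of the action: argv, a file path, a remote address
    ts: int             # timestamp, seconds (constructed values below)


class PathCodebook:
    """Assigns each distinct process path a small integer code (assumed scheme:
    first path seen gets 0, next gets 1, ...). Shared by every index on the host
    so that the same path has the same code in every container."""

    def __init__(self) -> None:
        self._code_by_path: Dict[str, int] = {}
        self._path_by_code: List[str] = []

    def encode(self, path: str) -> int:
        code = self._code_by_path.get(path)
        if code is None:
            code = len(self._path_by_code)
            self._code_by_path[path] = code
            self._path_by_code.append(path)
        return code

    def lookup(self, path: str) -> Optional[int]:
        return self._code_by_path.get(path)

    def decode(self, code: int) -> str:
        return self._path_by_code[code]


Encoded = Tuple[int, int, int, int, str, str]  # (ts, path_code, pid, ppid, action, detail)


class EventIndex:
    """Per-container event index: encoded events plus a posting list per path code."""

    def __init__(self, container_id: str, codebook: PathCodebook) -> None:
        self.container_id = container_id
        self.codebook = codebook
        self.events: List[Encoded] = []
        self.by_code: Dict[int, List[int]] = defaultdict(list)  # code -> positions in events
        self.parent_of: Dict[int, int] = {}       # pid -> ppid, recorded at exec
        self.exec_code_of: Dict[int, int] = {}    # pid -> path code of its executable

    def update(self, ev: ProcessEvent) -> int:
        """Encode one event and fold it into the index; returns the path code used."""
        if ev.container_id != self.container_id:
            raise ValueError("event belongs to another virtualization entity")
        code = self.codebook.encode(ev.process_path)
        self.by_code[code].append(len(self.events))
        self.events.append((ev.ts, code, ev.pid, ev.ppid, ev.action, ev.detail))
        if ev.action == "exec":
            self.parent_of[ev.pid] = ev.ppid
            self.exec_code_of[ev.pid] = code
        return code

    def events_for_path(self, path: str) -> List[Encoded]:
        """All events this container recorded for a given executable path."""
        code = self.codebook.lookup(path)
        return [] if code is None else [self.events[i] for i in self.by_code[code]]

    def lineage(self, pid: int) -> List[str]:
        """Executable paths from pid up to the container's root process (forensic question:
        what spawned this?). Stops at an unknown parent or on a pid cycle."""
        chain, seen = [], set()
        while pid in self.parent_of and pid not in seen:
            seen.add(pid)
            chain.append(self.codebook.decode(self.exec_code_of[pid]))
            pid = self.parent_of[pid]
        return chain


def build_indexes(events: List[ProcessEvent],
                  codebook: Optional[PathCodebook] = None) -> Dict[str, EventIndex]:
    """Create one EventIndex per virtualization entity seen and update it per event."""
    codebook = codebook or PathCodebook()
    indexes: Dict[str, EventIndex] = {}
    for ev in events:
        if ev.container_id not in indexes:
            indexes[ev.container_id] = EventIndex(ev.container_id, codebook)
        indexes[ev.container_id].update(ev)
    return indexes


# Constructed sample: a web container whose nginx spawns a shell that runs curl.
SAMPLE_EVENTS = [
    ProcessEvent("web-1", "/usr/sbin/nginx", 1, 0, "exec", "nginx -g 'daemon off;'", 100),
    ProcessEvent("web-1", "/usr/sbin/nginx", 1, 0, "open", "/etc/nginx/nginx.conf", 101),
    ProcessEvent("web-1", "/bin/sh", 42, 1, "exec", "sh -c 'curl http://203.0.113.7/x'", 300),
    ProcessEvent("web-1", "/usr/bin/curl", 43, 42, "exec", "curl http://203.0.113.7/x", 301),
    ProcessEvent("web-1", "/usr/bin/curl", 43, 42, "connect", "203.0.113.7:80", 302),
    ProcessEvent("db-1", "/usr/bin/postgres", 1, 0, "exec", "postgres", 120),
    ProcessEvent("db-1", "/bin/sh", 7, 1, "exec", "sh", 121),
]

if __name__ == "__main__":
    idx = build_indexes(SAMPLE_EVENTS)["web-1"]
    print(idx.events_for_path("/usr/bin/curl"))
    print(" <- ".join(idx.lineage(43)))
```

Because the codebook lives at the host level, a path such as /bin/sh receives one code across every container on that host, so cross-container queries ("where did a shell exec?") reduce to an integer lookup in each index rather than a string scan.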