Cyber security sharing and identification system
US-10873603-B2 · Dec 22, 2020 · US
US11637867B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11637867-B2 |
| Application number | US-202017129563-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 21, 2020 |
| Priority date | Feb 20, 2014 |
| Publication date | Apr 25, 2023 |
| Grant date | Apr 25, 2023 |
Official abstract text for this publication.
Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
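The redaction step the abstract describes, which claims 5 to 7 narrow to configuration-driven removal of data such as an IP address or a hostname, sketched as an added example that is not code from the patent or its assignee. The record fields, configuration keys and placeholder tokens are assumptions chosen for illustration, and only IPv4 literals are handled.

```python
import ipaddress
import re

# Constructed sample record; field names are assumptions, not taken from the patent.
SAMPLE_ATTACK_DATA = {
    "attack_type": "beaconing",
    "source_ip": "203.0.113.45",
    "victim_host": "hr-db01.corp.example.com",
    "user_agent": "Mozilla/5.0 (compatible; constructed-sample)",
    "notes": "Host hr-db01.corp.example.com (10.20.30.40) contacted 203.0.113.45 every 60s",
}
# Hypothetical sharing configuration that identifies what to remove.
REDACTION_CONFIG = {
    "remove_kinds": {"ip", "hostname"},
    "drop_fields": {"victim_host"},                 # fields removed outright
    "keep_ips": {"203.0.113.45"},                   # indicator the sharer wants to publish
    "internal_suffixes": (".corp.example.com",),    # hostnames considered sensitive
}
IP_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
HOST_CANDIDATE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _scrub_ip(match, config):
    token = match.group(0)
    if not _is_ip(token) or token in config["keep_ips"]:
        return token
    return "[REDACTED-IP]"

def _scrub_host(match, config):
    token = match.group(0)
    sensitive = token.lower().endswith(config["internal_suffixes"])
    return "[REDACTED-HOST]" if sensitive else token

def redact_attack_data(record, config):
    """Return a copy of record that is safe to share under config."""
    shared = {}
    for field, value in record.items():
        if field in config["drop_fields"]:
            continue
        if isinstance(value, str):
            if "ip" in config["remove_kinds"]:
                value = IP_CANDIDATE.sub(lambda m: _scrub_ip(m, config), value)
            if "hostname" in config["remove_kinds"]:
                value = HOST_CANDIDATE.sub(lambda m: _scrub_host(m, config), value)
        shared[field] = value
    return shared
```

Free-text fields are the usual leak path: dropping `victim_host` alone would still expose the hostname and internal address embedded in `notes`.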
Opening claim text (preview).
What is claimed is:

1. A computer implemented method comprising: by a computer system comprising one or more computer hardware processors and one or more storage devices, receiving first security attack data from a first entity of a plurality of entities, the first security attack data comprising information regarding one or more first security attacks; and facilitating sharing of a ruleset from the first entity to a second entity, wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the first security attack data, wherein the ruleset comprises instructions selectably applicable by the second entity to detect a potential security attack, and wherein the instructions are configured to: in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.

2. The computer implemented method of claim 1, wherein the ruleset further comprises an IP address associated with the potential security attack.

3. The computer implemented method of claim 2, wherein adding the data associated with the potential security attack to the cluster as the seed further comprises adding the IP address to the cluster as the seed.

4. The computer implemented method of claim 1, further comprising: causing presentation of a ruleset user interface; and receiving, via the ruleset user interface, the instructions.

5. The computer implemented method of claim 1, further comprising: modifying second security attack data comprising information regarding one or more second security attacks, wherein modifying the second security attack data results in modified attack data, wherein modifying the second security attack data further comprises: removing at least some data from the second security attack data; and facilitating sharing of the modified attack data to the second entity.

6. The computer implemented method of claim 5, further comprising: identifying, based at least in part on a configuration, the at least some data to remove from the second security attack data.

7. The computer implemented method of claim 5, wherein the at least some data comprises at least one of an IP address or a hostname.

8. Non-transitory computer storage medium comprising instructions for causing one or more computing devices to perform operations comprising: receiving first security attack data from a first entity of a plurality of entities, the first security attack data comprising information regarding one or more first security attacks; and transmitting at least a portion of a ruleset from the first entity to a second entity, wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the first security attack data, wherein the ruleset comprises ruleset instructions selectably applicable by the second entity to detect a potential security attack, and wherein the ruleset instructions are configured to: in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.

9. The non-transitory computer storage medium of claim 8, wherein the ruleset further indicates an IP address range associated with the potential security attack.

10. The non-transitory computer storage medium of claim 8, wherein adding the data associated with the potential security attack to the cluster as the seed further comprises adding an IP address or a user-agent string to the cluster as the seed.

11. The non-transitory computer storage medium of claim 8, further comprising additional instructions for causing the one or more computing devices to perform additional operations comprising: causing presentation of a ruleset user interface; and receiving, via the ruleset user interface, the instructions.

12. The non-transitory computer storage medium of claim 8, further comprising additional instructions for causing the one or more computing devices to perform additional operations comprising: modifying second security attack data comprising information regarding one or more second security attacks, wherein modifying the second security attack data results in modified attack data, wherein modifying the second security attack data further comprises: removing at least some data from the second security attack data; and facilitating sharing of the modified attack data to the second entity.

13. The non-transitory computer storage medium of claim 12, further comprising additional instructions for causing the one or more computing devices to perform additional operations comprising: identifying, based at least in part on a configuration, the at least some data to remove from the second security attack data.

14. A system for sharing security information, the system comprising: a data storage medium; and one or more computer hardware processors in communication with the data storage medium, wherein the one or more computer hardware processors are configured to execute computer-executable instructions to at least: receive first security attack data from a first entity of a plurality of entities, the first security attack data comprising information regarding one or more first security attacks; and facilitate sharing of a ruleset from the first entity to a second entity, wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the first security attack data, wherein the ruleset comprises instructions selectably applicable by the second recipient entity to detect a potential security attack, and wherein the instructions are configured to: in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.

15. The system of claim 14, wherein the one or more computer hardware processors are configured to execute additional computer-executable instructions to at least: cause presentation of a ruleset user interface; and receive, via the ruleset user interface, the instructions.

16. The system of claim 14, wherein the one or more computer hardware processors are configured to execute additional computer-executable instructions to at least: modify second security attack data comprising information regarding one or more second security attacks, wherein modifying the second security attack data results in modified attack data, wherein modifying the second security attack data further comprises: removing at least some data from the second security attack data; and facilitate sharing of the modified attack data to the second entity.

17. The system of claim 16, wherein the one or more computer hardware processors are configured to execute additional computer-executable instructions to at least: identify, based at least in part on a configuration, the at least some data to remove from the second security attack data.

18. The system of claim 14, wherein the ruleset comprises additional instructions selectably applicable by the second entity to execute against a second proxy of the second entity, wherein the additional instructions are further selectably applicable by the first entity to execute against a
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Detecting local intrusion or implementing counter-measures · CPC title
for detecting or protecting against malicious traffic · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title