1.
Publication No.: US12118095B1
Publication date: 2024-10-15
Application No.: US17389692
Filing date: 2021-07-30
Applicant: Rapid7, Inc.
Inventors: Stuart Millar, Denis Podgurskii
CPC classification: G06F21/577, G06N20/00, G06F2221/034
Abstract: Various embodiments include systems and methods of implementing a machine learning model for calculating confidence scores associated with potential security vulnerabilities. The machine learning model is trained using vulnerability data associated with a set of previously identified vulnerabilities, where the vulnerability data indicates whether a previously identified vulnerability is a true positive or a false positive. In some embodiments, scan traffic data may be obtained. The scan traffic data may be associated with potential security vulnerabilities detected via scan engine(s) that implement application security testing. The machine learning model may be used to determine respective confidence scores for each potential security vulnerability. According to some embodiments, responsive to a request for scan findings associated with a particular application, the respective confidence scores may be displayed via a vulnerability analysis graphical user interface.
2.
Publication No.: US12101342B2
Publication date: 2024-09-24
Application No.: US17336593
Filing date: 2021-06-02
Applicant: Rapid7, Inc.
Inventors: Dustin Myers, Vasudha Shivamoggi, Roy Hodgman
IPC classification: H04L9/40, H04L41/142, H04L43/04, H04L43/062, H04L43/065, H04L43/067, H04L43/16
CPC classification: H04L63/1425, H04L41/142, H04L43/04, H04L43/062, H04L43/065, H04L43/067, H04L43/16, H04L63/1441
Abstract: Disclosed herein are methods, systems, and processes for detecting data exfiltration. A data exfiltration event in a network is detected. Traffic data regarding outgoing traffic of a source in the network associated with the data exfiltration event is received. A logarithmic transformation is applied to the traffic data to generate transformed data. An outlier identification technique is selected based on the transformed data and is executed on the transformed data to determine that the outgoing traffic is indicative of the data exfiltration event. An alert is generated in response to the determination that the outgoing traffic is indicative of the data exfiltration event.
3.
Publication No.: US12095800B1
Publication date: 2024-09-17
Application No.: US17512798
Filing date: 2021-10-28
Applicant: Rapid7, Inc.
Inventors: Paul Miseiko, James Cancilla
CPC classification: H04L63/1433, G06F9/5005
Abstract: Various embodiments include systems and methods of implementing automated assessment scheduling. A particular automated assessment may be automatically performed based at least in part on an assessment configuration and scan engine resource(s) of an organization. Based at least in part on performance of the particular automated assessment, a scan engine utilization assessment may be performed to determine a scan engine utilization value that represents utilization of the scan engine resource(s) with respect to resource requirements that are based at least in part on the set of attributes of the assessment configuration. Based at least in part on the scan engine utilization assessment, a particular resource utilization recommendation may be generated. The particular resource utilization recommendation may correspond to a first resource utilization recommendation to allocate additional scan engine resources or a second resource utilization recommendation to allocate fewer scan engine resources.
4.
Publication No.: US12088600B1
Publication date: 2024-09-10
Application No.: US17024481
Filing date: 2020-09-17
Applicant: Rapid7, Inc.
CPC classification: H04L63/1416, G06N20/00, G16B40/30, H04L63/0823
Abstract: An anomaly detection system is disclosed that is capable of reporting anomalous processes or hosts in a computer network using machine learning models trained with unsupervised training techniques. In embodiments, the system assigns observed processes to a set of process categories based on the file system path of the program executed by the process. The system extracts a feature vector for each process or host from the observation records and applies the machine learning models to the feature vectors to determine an outlier metric for each process or host. The processes or hosts with the highest outlier metrics are reported as detected anomalies to be further examined by security analysts. In embodiments, the machine learning models may be periodically retrained on new observation records using unsupervised machine learning techniques. Accordingly, the system allows the models to learn from newly observed data without requiring the new data to be manually labeled by humans.
5.
Publication No.: US20240297795A1
Publication date: 2024-09-05
Application No.: US18661422
Filing date: 2024-05-10
Applicant: Rapid7, Inc.
Inventors: Stuart Millar, Ralph McTeggart
CPC classification: H04L9/3247, G06N3/0455, G06N3/08, H04L9/3236, H04L41/06, H04L41/12, H04L41/16, H04L63/0876, H04L63/10, H04L63/20
Abstract: Techniques for associating assets related to events detected in at least one computer network with respective assets in an asset catalog for the at least one computer network. The techniques comprise: obtaining information about an event related to a first asset, the information specifying computer network addressing information for the first asset; generating a signature of the first asset from the computer network addressing information using at least one trained machine learning model, wherein the signature comprises a numeric representation of the first asset; associating the first asset with at least one asset in the asset catalog using the signature and at least one signature of the at least one asset in the asset catalog, wherein the at least one signature was previously determined using the at least one trained machine learning model; and outputting information identifying the at least one asset with which the first asset was associated.
6.
Publication No.: US12069084B1
Publication date: 2024-08-20
Application No.: US17694802
Filing date: 2022-03-15
Applicant: Rapid7, Inc.
Inventors: Emmett Kelly, Paul Miseiko
CPC classification: H04L63/1433
Abstract: Various embodiments include systems and methods to implement network scanner timeouts based at least in part on historical network conditions. The implementing comprises initiating, using one or more network scanners and according to a first set of timeout parameters, a first security assessment of one or more scan targets in a network, wherein the first set of timeout parameters comprises a first initial round trip time (RTT)-timeout parameter value to which a dynamic RTT-timeout value is initially set. The implementing comprises determining a first set of RTT statistics for the first security assessment. The implementing comprises determining, based at least in part on the first set of RTT statistics, a second set of timeout parameters for a second security assessment of the one or more scan targets. The implementing comprises initiating, according to the second set of timeout parameters, the second security assessment of the one or more scan targets.
7.
Publication No.: US12068924B2
Publication date: 2024-08-20
Application No.: US18197980
Filing date: 2023-05-16
Applicant: Rapid7, Inc.
Inventors: Seamus Cawley, David Tracey
IPC classification: G06F15/173, H04L41/147, H04L43/045, H04L43/067, H04L43/16
CPC classification: H04L41/147, H04L43/045, H04L43/067, H04L43/16
Abstract: Systems and methods are disclosed to implement a time series anomaly detection system that uses configurable statistical control rules (SCRs) and a forecasting system to detect anomalies in time series data (e.g. fluctuating values of a network activity metric). In embodiments, the system forecasts future values of the time series data along with a confidence interval based on seasonality characteristics of the data. The time series data is monitored for anomalies by comparing actual observed values in the time series with the predicted values and confidence intervals, according to the SCRs. The SCRs may be defined and tuned via a configuration interface that lets users visually see how different SCRs perform over real data. Advantageously, the disclosed system allows users to create custom anomaly detection triggers for different types of time series data, without use of a monolithic detection model, which can be difficult to tune.
8.
Publication No.: US12067415B1
Publication date: 2024-08-20
Application No.: US18098180
Filing date: 2023-01-18
Applicant: Rapid7, Inc.
Inventors: Luke Coughlan, Gianni Tedesco, Morgan Nally
CPC classification: G06F9/4812, G06F9/44505
Abstract: Various embodiments include systems and methods pertaining to a network sensor host configured to implement a receive side scaling (RSS) configuration component in a security environment. The RSS configuration component may be used to automatically generate an RSS configuration comprising one or more settings customized for the network sensor host based at least in part on hardware information of the network sensor host. In some embodiments, the RSS configuration may be applied to change settings of a network interface driver of the network sensor host, e.g., to implement RSS and multithreading for network sensor tasks.
9.
Publication No.: US11956260B2
Publication date: 2024-04-09
Application No.: US18144357
Filing date: 2023-05-08
Applicant: Rapid7, Inc.
CPC classification: H04L63/1416, G06F21/552, H04L63/1425, H04L63/1441
Abstract: Systems and methods are disclosed to implement a cyberattack detection system that monitors a computer network for lateral movement. In embodiments, the system uses network data from a computer network to build a baseline of connection behaviors for the network. Connection graphs are generated from new network data that indicate groups of nodes that made connections with one another during a last time interval. The graphs are analyzed for connection behavior anomalies and ranked to determine a subset of graphs with suspected lateral movement. Graphs with suspected lateral movement may be further analyzed to determine a set of possible attack paths in the lateral movements. The suspected attack paths are reported to network administrators via a notification interface. Advantageously, the disclosed system is able to detect potential lateral movements in localized portions of a network by monitoring for connection behavior anomalies in network data gathered from the network.
10.
Publication No.: US20240039779A1
Publication date: 2024-02-01
Application No.: US18190589
Filing date: 2023-03-27
Applicant: Rapid7, Inc.
Inventors: Stuart Millar, Ralph McTeggart
IPC classification: H04L41/06, G06N3/08, G06N3/0455
CPC classification: H04L41/06, G06N3/08, G06N3/0455
Abstract: Techniques for associating assets related to events detected in at least one computer network with respective assets in an asset catalog for the at least one computer network. The techniques comprise: obtaining information about an event related to a first asset, the information specifying computer network addressing information for the first asset; generating a signature of the first asset from the computer network addressing information using at least one trained machine learning model, wherein the signature comprises a numeric representation of the first asset; associating the first asset with at least one asset in the asset catalog using the signature and at least one signature of the at least one asset in the asset catalog, wherein the at least one signature was previously determined using the at least one trained machine learning model; and outputting information identifying the at least one asset with which the first asset was associated.