-
Publication No.: US20210097172A1
Publication date: 2021-04-01
Application No.: US17032479
Application date: 2020-09-25
Applicant: Palantir Technologies Inc.
Inventor: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-
Publication No.: US11874872B2
Publication date: 2024-01-16
Application No.: US16660217
Application date: 2019-10-22
Applicant: Palantir Technologies Inc.
Inventor: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC: G06F21/00, G06F16/901, H04L9/40, G06F21/55
CPC classification number: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
Publication No.: US20240111809A1
Publication date: 2024-04-04
Application No.: US18525710
Application date: 2023-11-30
Applicant: Palantir Technologies Inc.
Inventor: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC: G06F16/901, G06F21/55, H04L9/40
CPC classification number: G06F16/9024, G06F21/552, G06F21/554, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.
-
Publication No.: US11783269B1
Publication date: 2023-10-10
Application No.: US17249397
Application date: 2021-03-01
Applicant: Palantir Technologies Inc.
Inventor: Ankit Shankar, Darren Zhao, Kayo Teramoto, Matthew Hawes, Thomas Mathew, Faith Cataltepe
IPC: G06Q10/067, G06F3/0482, G06F3/04847
CPC classification number: G06Q10/067, G06F3/0482, G06F3/04847
Abstract: A computer system may be configured to access a rule including one or more conditions, providing a user interface configured for user input of a modification to a condition of the rule, receive from a user, via the user interface, a modification to a first condition of the rule constituting a first changed condition, wherein the first changed condition is associated with a modified rule, determine an output data set, based on an input data set including a plurality of past data samples, and the first changed condition of the modified rule, and update the user interface to include a visualization indicating at least some of the output data set.
-
Publication No.: US20240311471A1
Publication date: 2024-09-19
Application No.: US18672230
Application date: 2024-05-23
Applicant: Palantir Technologies Inc.
Inventor: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew, Rushad Heerjee
CPC classification number: G06F21/552, G06F21/53, G06F21/566, G06F21/57, G06F2221/2149
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-
Publication No.: US20230394083A1
Publication date: 2023-12-07
Application No.: US16660217
Application date: 2019-10-22
Applicant: Palantir Technologies Inc.
Inventor: Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brandon Helms, Brian Keohane, Darren Zhao, Elliot Colquhoun, Gautam Punukollu, Morten Kromann, Nikhil Seetharaman, Ranec Highet, Raj Krishnan, Xiao Tang, Sriram Krishnan, Simon Vahr, Tareq Alkhatib, Thomas Mathew
IPC: H04L9/40
CPC classification number: H04L63/205, H04L63/1425, H04L63/1416, H04L63/145
Abstract: A method, performed by one or more processors, including: receiving one or more event records; generating, using the one or more event records, an event descriptor object descriptive of one or more events occurring in a networked system, wherein the event descriptor object comprises a plurality of event properties; receiving one or more entity records; generating, using the one or more entity records, an entity descriptor object descriptive of one or more entities relevant to the security of the networked system, wherein the entity descriptor object comprises a plurality of entity properties; incorporating, into an object graph, the event descriptor object and the entity descriptor object; and associating, in the object graph, the event descriptor object with the entity descriptor object using at least one of the plurality of event properties and at least one of the plurality of entity properties.