-
Publication number: US20210097172A1
Publication date: 2021-04-01
Application number: US17032479
Application date: 2020-09-25
Applicant: Palantir Technologies Inc.
Inventor: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-
Publication number: US20240311471A1
Publication date: 2024-09-19
Application number: US18672230
Application date: 2024-05-23
Applicant: Palantir Technologies Inc.
Inventor: Elliot Colquhoun, Andrew Eggleton, Alexandra Serenhov, Ankit Shankar, Brian Keohane, Corinne Petroschke, Darren Zhao, Ionut Octavian Iordache, Xiao Tang, Simon Vahr, Tareq Alkhatib, Athanasios Kontonasios, Thomas Mathew, Rushad Heerjee
CPC classification number: G06F21/552, G06F21/53, G06F21/566, G06F21/57, G06F2221/2149
Abstract: A method, performed by one or more processors, includes: receiving an indication of a desired modification to a cybersecurity event detector that is being contemporaneously used for the detection of potential cybersecurity events in a production environment; modifying, in a sandbox environment, the cybersecurity event detector based on the indication of the desired modification to the cybersecurity event detector; and for each system event in a set of system events, determining, in the sandbox environment, whether the respective system event is indicative of a potential cybersecurity event using the modified cybersecurity event detector. Related apparatus are also disclosed.
-