公开(公告)号：US11882145B2

公开(公告)日：2024-01-23

申请号：US17845514

申请日：2022-06-21

申请人： Palantir Technologies Inc.

发明人： Elliot Colquhoun ,  Abhishek Agarwal ,  Andrew Eggleton ,  Brandon Helms ,  Carl Ambroselli ,  Cem Zorlular ,  Daniel Kelly ,  Gautam Punukollu ,  Jeffrey Tsui ,  Morten Kromann ,  Nikhil Seetharaman ,  Raj Krishnan ,  Samuel Jones ,  Tareq Alkhatib ,  Dayang Shi

IPC分类号： H04L9/40 ,  G06F8/65 ,  H04L67/75

CPC分类号： H04L63/1433 ,  G06F8/65 ,  H04L63/1441 ,  H04L67/75

摘要： A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.

公开(公告)号：US20210263920A1

公开(公告)日：2021-08-26

申请号：US17249585

申请日：2021-03-05

申请人： Palantir Technologies Inc.

发明人： Samuel Jones ,  Sean Hacker

IPC分类号： G06F16/2455 ,  G06F16/23 ,  G06F16/25 ,  G06F16/245

摘要： Systems and methods for rapid importation of data including temporally tracked object recognition. One of the methods includes receiving datasets each indicating information associated with one or more objects. Information indicating unique identifying information associated with the objects is accessed, and an updated dataset joining information from datasets that is associated with each object is generated. The updated dataset is maintained to include most recent versions of each of the datasets, with one or more datasets being replaced with more recent versions, and with one or more other datasets being propagated to be the most recent versions. Queries received from clients are responded to, with the queries indicating requests for specific information related to objects.

公开(公告)号：US09628500B1

公开(公告)日：2017-04-18

申请号：US15224443

申请日：2016-07-29

申请人： Palantir Technologies Inc.

发明人： Maxim Kesin ,  Samuel Jones

IPC分类号： H04L29/06 ,  G06N7/00

CPC分类号： H04L63/1425 ,  G06N7/005 ,  H04L61/2007 ,  H04L63/083 ,  H04L63/12 ,  H04L63/1416 ,  H04L67/22 ,  H04L2463/143

摘要： A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

公开(公告)号：US20190081971A1

公开(公告)日：2019-03-14

申请号：US16186801

申请日：2018-11-12

申请人： Palantir Technologies Inc.

发明人： Samuel Jones ,  Timothy Yousaf ,  Drew Dennison ,  Vivek Lakshmanan ,  Joseph Staehle ,  Samuel Kremin ,  Maxim Kesin ,  Taylor Heroux

IPC分类号： H04L29/06 ,  G06F21/55 ,  H04L29/08

摘要： Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

公开(公告)号：US20190007441A1

公开(公告)日：2019-01-03

申请号：US16109379

申请日：2018-08-22

申请人： Palantir Technologies Inc.

发明人： Maxim Kesin ,  Samuel Jones

IPC分类号： H04L29/06 ,  H04L29/08 ,  G06N7/00 ,  H04L29/12

CPC分类号： H04L63/1425 ,  G06N7/005 ,  H04L61/2007 ,  H04L63/083 ,  H04L63/12 ,  H04L63/1416 ,  H04L67/22 ,  H04L2463/143

摘要： A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

公开(公告)号：US20180351991A1

公开(公告)日：2018-12-06

申请号：US16035956

申请日：2018-07-16

申请人： Palantir Technologies Inc.

发明人： Samuel Jones ,  Joseph Staehle ,  Lucy Cheng

IPC分类号： H04L29/06 ,  G06F21/55

CPC分类号： H04L63/1433 ,  G06F21/55 ,  G06F21/577 ,  H04L63/102 ,  H04L63/107 ,  H04L63/14 ,  H04L63/1425

摘要： Methods, systems, and apparatus, including computer programs encoded on computer storage media, for computer network security risk assessment. One of the methods includes obtaining compromise likelihoods for user accounts. Information describing a network topology of a network is obtained, with the network topology being nodes each connected by an edge to other nodes, each node being associated with a compromise likelihood, and one or more nodes are high value nodes associated with a compromise value. Unique paths to each of the high value nodes are determined for a particular user account. An expected value for each path is determined based on the compromise likelihood of the particular user account, the compromise likelihood of each node included in the path, the communication weight of each edge included in the path, and the compromise value associated with the high value node. User interface data is generated describing at least one path.

公开(公告)号：US09407652B1

公开(公告)日：2016-08-02

申请号：US14970317

申请日：2015-12-15

申请人： Palantir Technologies, Inc.

发明人： Maxim Kesin ,  Samuel Jones

IPC分类号： H04L29/06

CPC分类号： H04L63/1425 ,  G06N7/005 ,  H04L61/2007 ,  H04L63/083 ,  H04L63/12 ,  H04L63/1416 ,  H04L67/22 ,  H04L2463/143

摘要： A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

摘要翻译： 安全系统检测网络中的异常活动。 系统记录用户活动，其中可以包括使用的端口，比较用户以查找类似的用户，将类似的用户排序为队列，并将新的用户活动与队列的记录行为进行比较。 比较可以包括发散计算。 用户活动的起源也可用于确定异常网络活动。 主机名，用户名，IP地址和时间戳记可用于计算总分数和卷积分数。

公开(公告)号：US20240146758A1

公开(公告)日：2024-05-02

申请号：US18393394

申请日：2023-12-21

申请人： Palantir Technologies Inc.

发明人： Elliot Colquhoun ,  Abhishek Agarwal ,  Andrew Eggleton ,  Brandon Helms ,  Carl Ambroselli ,  Cem Zorlular ,  Daniel Kelly ,  Gautam Punukollu ,  Jeffrey Tsui ,  Morten Kromann ,  Nikhil Seetharaman ,  Raj Krishnan ,  Samuel Jones ,  Tareq Alkhatib ,  Dayang Shi

IPC分类号： H04L9/40 ,  G06F8/65 ,  H04L67/75

CPC分类号： H04L63/1433 ,  G06F8/65 ,  H04L63/1441 ,  H04L67/75

摘要： A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.

公开(公告)号：US11704322B2

公开(公告)日：2023-07-18

申请号：US17249585

申请日：2021-03-05

申请人： Palantir Technologies Inc.

发明人： Samuel Jones ,  Sean Hacker

IPC分类号： G06F16/2455 ,  G06F16/23 ,  G06F16/245 ,  G06F16/25

CPC分类号： G06F16/2456 ,  G06F16/23 ,  G06F16/245 ,  G06F16/25

摘要： Systems and methods for rapid importation of data including temporally tracked object recognition. One of the methods includes receiving datasets each indicating information associated with one or more objects. Information indicating unique identifying information associated with the objects is accessed, and an updated dataset joining information from datasets that is associated with each object is generated. The updated dataset is maintained to include most recent versions of each of the datasets, with one or more datasets being replaced with more recent versions, and with one or more other datasets being propagated to be the most recent versions. Queries received from clients are responded to, with the queries indicating requests for specific information related to objects.

公开(公告)号：US10963465B1

公开(公告)日：2021-03-30

申请号：US15801591

申请日：2017-11-02

申请人： Palantir Technologies Inc.

发明人： Samuel Jones ,  Sean Hacker

IPC分类号： G06F16/2455 ,  G06F16/245 ,  G06F16/23 ,  G06F16/25

摘要： Systems and methods for rapid importation of data including temporally tracked object recognition. One of the methods includes receiving datasets each indicating information associated with one or more objects. Information indicating unique identifying information associated with the objects is accessed, and an updated dataset joining information from datasets that is associated with each object is generated. The updated dataset is maintained to include most recent versions of each of the datasets, with one or more datasets being replaced with more recent versions, and with one or more other datasets being propagated to be the most recent versions. Queries received from clients are responded to, with the queries indicating requests for specific information related to objects.