
Collecting and storing threat level indicators for service rule processing

  • US 10,503,536 B2
  • Filed: 07/14/2017
  • Issued: 12/10/2019
  • Est. Priority Date: 12/22/2016
  • Status: Active Grant
First Claim

1. A method of performing services on a host computer that executes a plurality of machines, the plurality of machines including a first machine, the method comprising:

  • at a process-control module executing on the host computer, receiving a process identifier identifying a first process executing on the first machine and associated with a first application executing on the first machine;

    using the received process identifier to query the first machine to obtain one or more additional process identifiers of the first process, wherein the one or more additional process identifiers include at least one of a process hash and an application name,

    providing at least one of the additional process identifiers to a threat detector executing on the host computer to obtain a threat-level indicator for the first process, wherein the threat level indicator is a threat score that is based on a set of one or more behavioral factors associated with the first application;

    in a storage on the host computer, storing the threat level indicator for a data message flow emanating from the first process in order to process attribute-based service rules that a service engine on the host computer enforces for said data message flow.
