
Location enrichment in enterprise threat detection

  • US 10,542,016 B2
  • Filed: 08/31/2016
  • Issued: 01/21/2020
  • Est. Priority Date: 08/31/2016
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • receiving subnet information and location information from a database into a smart data streaming engine (SDS) subnet-location cache, wherein a particular subnet of the subnet information is associated with a particular location of the location information by a globally unique location ID value, and wherein the information is stored in the subnet-location cache in the form of a dictionary table and a vector for fast data enrichment;

  • receiving log event data in the SDS;

  • normalizing the log event data in the SDS as normalized log event data;

  • enriching the normalized log event data with the subnet information and the location information as enriched log event data;

  • writing the enriched log event data into a log event persistence in the database; and

  • using a subnet ID value retrieved from an enriched log event of the enriched log event data by an enterprise threat detection (ETD) system to determine a location associated with the enriched log event using the location ID value associated with the subnet ID value.
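The steps of the claim can be sketched as follows. This is an added example, not code from the patent or its assignee: the cache layout (a dictionary keyed by masked network address plus a vector of prefix lengths, longest first), the log line format, all function names and all sample rows are assumptions made for illustration, and the write to the log event persistence is omitted.

```python
import ipaddress

# Constructed sample rows standing in for the database tables (not from the patent).
LOCATIONS = {"loc-7f3a": "Site A", "loc-91bc": "Site B"}  # location ID -> location
SUBNETS = [  # (subnet ID, CIDR, location ID)
    ("sn-1", "10.0.0.0/8", "loc-7f3a"),
    ("sn-2", "10.20.0.0/16", "loc-91bc"),
    ("sn-3", "192.168.5.0/24", "loc-7f3a"),
]

class SubnetLocationCache:
    def __init__(self, subnets, locations):
        self.locations = dict(locations)
        self.table = {}  # (IP version, prefix length, network int) -> (subnet ID, location ID)
        for subnet_id, cidr, location_id in subnets:
            net = ipaddress.ip_network(cidr)
            key = (net.version, net.prefixlen, int(net.network_address))
            self.table[key] = (subnet_id, location_id)
        self.subnet_to_location = dict(self.table.values())
        # Vector of distinct (version, prefix length), longest prefix first.
        self.prefixes = sorted({k[:2] for k in self.table}, key=lambda p: -p[1])

    def match(self, ip_text):
        ip = ipaddress.ip_address(ip_text)  # raises ValueError on malformed input
        for version, plen in self.prefixes:
            if version != ip.version:
                continue
            shift = ip.max_prefixlen - plen
            key = (version, plen, (int(ip) >> shift) << shift)  # mask host bits
            if key in self.table:
                return self.table[key]  # most specific subnet wins
        return None, None

def normalize(raw):  # assumed format: "<timestamp> key=value key=value ..."
    ts, *pairs = raw.split()
    event = {"timestamp": ts}
    event.update(p.split("=", 1) for p in pairs)
    return event

def enrich(event, cache):
    try:
        subnet_id, location_id = cache.match(event.get("src", ""))
    except ValueError:  # missing or malformed source address: leave unenriched
        subnet_id, location_id = None, None
    return {**event, "subnet_id": subnet_id, "location_id": location_id}

def location_of(event, cache):  # detection side: subnet ID -> location ID -> location
    location_id = cache.subnet_to_location.get(event["subnet_id"])
    return cache.locations.get(location_id)
```

Events whose source address matches no cached subnet keep `subnet_id` and `location_id` as `None`, so a detection rule can treat "unknown location" as its own condition rather than silently dropping the event.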
