SYSTEMS AND METHODS FOR IDENTIFYING A SOURCE OF A SUSPECT EVENT
First Claim
1. A computer-implemented method for identifying a source of a suspect event, comprising:
registering system events in a database;
detecting a suspicious event associated with a first process;
identifying the first process as being one of a plurality of potential puppet processes; and
querying the registered system events in the database to identify a second process, the second process detected as launching the first process.
2 Assignments
0 Petitions
Abstract
A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process.
12 Citations
20 Claims
1. A computer-implemented method for identifying a source of a suspect event, comprising:
registering system events in a database;
detecting a suspicious event associated with a first process;
identifying the first process as being one of a plurality of potential puppet processes; and
querying the registered system events in the database to identify a second process, the second process detected as launching the first process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computing device configured to identify a source of a suspect event, comprising:
a processor;
memory in electronic communication with the processor;
instructions stored in the memory, the instructions being executable by the processor to:
register system events in a database;
detect a suspicious event associated with a first process;
identify the first process as being one of a plurality of potential puppet processes; and
query the registered system events in the database to identify a second process, the second process detected as launching the first process.
Dependent claims: 12, 13, 14, 15, 16, 17, 18

19. A computer-program product for identifying, by a processor, a source of a suspect event, the computer-program product comprising a non-transitory computer-readable medium storing instructions thereon, the instructions being executable by the processor to:
register system events in a database;
detect a suspicious event associated with a first process;
identify the first process as being one of a plurality of potential puppet processes; and
query the registered system events in the database to identify a second process, the second process detected as launching the first process.
Dependent claims: 20
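As an added example (not the patent's own code), the four steps of the independent claims above carried out in Python over an in-memory SQLite event database; the puppet-process names, the event stream and the suspicious-event rule are constructed stand-ins, and an unrecorded launch falls back to the first process itself.

```python
import sqlite3

# Constructed set of potential "puppet" process names (hypothetical, not from the
# patent): host binaries that other software launches to act on its behalf.
PUPPET_PROCESSES = {"hostproc.exe", "scripthost.exe"}

# Constructed sample event stream: (id, kind, pid, ppid, image, detail).
EVENTS = [
    (1, "process_start", 200, 100,  "updater.exe",  ""),
    (2, "process_start", 300, 200,  "hostproc.exe", ""),
    (3, "file_write",    300, None, "hostproc.exe", r"C:\Users\u\AppData\Local\run.tmp"),
    (4, "process_start", 400, 100,  "notepad.exe",  ""),
    (5, "file_write",    400, None, "notepad.exe",  r"C:\Users\u\AppData\Local\x.tmp"),
]

def register_events(conn, events):
    # Claim step 1: register system events in a database.
    conn.execute("CREATE TABLE events(id INTEGER PRIMARY KEY, kind TEXT, "
                 "pid INTEGER, ppid INTEGER, image TEXT, detail TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)", events)

def is_suspicious(kind, detail):
    # Claim step 2: detect a suspicious event. The rule here is a constructed
    # stand-in (any file write under AppData), not the patent's criterion.
    return kind == "file_write" and "\\AppData\\" in detail

def find_launcher(conn, pid):
    # Claim step 4: query the registered events for the second process, i.e. the
    # parent recorded in pid's own process_start event. None if never recorded.
    row = conn.execute(
        "SELECT p.pid, p.image FROM events c JOIN events p ON p.pid = c.ppid "
        "WHERE c.kind = 'process_start' AND p.kind = 'process_start' AND c.pid = ?",
        (pid,)).fetchone()
    return tuple(row) if row else None

def identify_sources(conn):
    # Map each suspicious event id to the process held responsible: the launcher
    # when the first process is a potential puppet (claim step 3), else itself.
    sources = {}
    for ev_id, kind, pid, _ppid, image, detail in conn.execute("SELECT * FROM events ORDER BY id").fetchall():
        if is_suspicious(kind, detail):
            launcher = find_launcher(conn, pid) if image.lower() in PUPPET_PROCESSES else None
            sources[ev_id] = launcher or (pid, image)
    return sources

def run_demo():
    conn = sqlite3.connect(":memory:")
    register_events(conn, EVENTS)
    return identify_sources(conn)   # {3: (200, 'updater.exe'), 5: (400, 'notepad.exe')}
```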