×

Method and System for Determining Initial Execution of an Attack

  • US 20170171224A1
  • Filed: 12/09/2015
  • Published: 06/15/2017
  • Est. Priority Date: 12/09/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method for determining an initial execution of an attack on an endpoint, comprising:

  • obtaining an indicator of the attack by analyzing a first process on the endpoint, the initial execution being associated with the first process by a sequence of processes that includes the first process, each respective process in the sequence of processes being executed or created by at least one of the initial execution or a process in the sequence of processes; and

    identifying the initial execution based on linking from the first process to the initial execution through a combination of executions and creations of the processes in the sequence of processes.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×