METHOD AND SYSTEM FOR IDENTIFYING UNCORRELATED SUSPICIOUS EVENTS DURING AN ATTACK

  • US 20170171240A1
  • Filed: 10/13/2016
  • Published: 06/15/2017
  • Est. Priority Date: 12/09/2015
  • Status: Active Grant
First Claim

1. A method for identifying events associated with an attack initiated on an endpoint, comprising:

  • obtaining a listing of processes executed or created on the endpoint during the attack, the processes including a first process and at least one subsequent process executed or created by the first process;

  • analyzing whether at least one event occurred on the endpoint during a time interval associated with the attack; and

  • determining whether the listing of processes includes a process that when executed caused the occurrence of the at least one event.
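
The three steps of claim 1 can be sketched over endpoint telemetry as follows. This is an added illustration, not code from the patent or its assignee; the record layouts, field names, function names and sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int   # pid of the creating process
    name: str

@dataclass(frozen=True)
class Event:
    ts: int     # seconds, constructed values
    pid: int    # process whose execution caused the event
    kind: str

def attack_process_listing(procs, first_pid):
    """Step 1: the first process plus every process it created, transitively."""
    children = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p.pid)
    listing, stack = set(), [first_pid]
    while stack:
        pid = stack.pop()
        if pid not in listing:          # guards against cycles from pid reuse
            listing.add(pid)
            stack.extend(children.get(pid, []))
    return listing

def classify_events(procs, events, first_pid, start, end):
    """Steps 2 and 3: keep events inside the attack interval, then check
    whether the listing includes the process that caused each one."""
    listing = attack_process_listing(procs, first_pid)
    in_window = [e for e in events if start <= e.ts <= end]
    linked = [e for e in in_window if e.pid in listing]
    unlinked = [e for e in in_window if e.pid not in listing]
    return linked, unlinked

# Constructed sample telemetry (assumption, not from the patent).
PROCS = [Proc(100, 1, "winword.exe"), Proc(200, 100, "powershell.exe"),
         Proc(300, 200, "rundll32.exe"), Proc(400, 1, "svchost.exe")]
EVENTS = [Event(1000, 200, "network_connect"), Event(1010, 300, "file_write"),
          Event(1020, 400, "registry_set"), Event(2000, 300, "file_write")]

if __name__ == "__main__":
    linked, unlinked = classify_events(PROCS, EVENTS, 100, 990, 1100)
    print("caused by a listed process:", [(e.pid, e.kind) for e in linked])
    print("in interval, no listed process:", [(e.pid, e.kind) for e in unlinked])
```

Events in the second list fall inside the attack interval but have no causing process in the listing; the event at `ts=2000` is dropped because it lies outside the interval.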
