Capturing data relating to a threat
First Claim
1. A method of capturing data relating to a threat, wherein the method includes, in a server processing system:
- receiving event history data that comprises a sequential chain of one or more events performed by a client processing system, wherein performance of the one or more events in the sequential chain of one or more events leads to a trigger event, and wherein the sequential chain of one or more events is associated with the threat;
- upon detecting the trigger event, suspending performance of one or more further events from the threat, wherein a second chain of events comprises the sequential chain of one or more events and the one or more further events, the one or more further events configured to execute subsequent to the trigger event in the second chain of events;
- receiving the trigger event that occurred in the client processing system, wherein the server processing system receives the event history data in response to the client processing system detecting the trigger event, the trigger event comprising a level of threat, wherein the level of threat includes a value to indicate a probability of the trigger event posing a threat to the client processing system;
- determining whether the level of threat satisfies a predetermined threshold;
- upon determining the level of threat satisfies the predetermined threshold, permitting the one or more further events to be performed by the client processing system subsequent to the occurrence of the trigger event in order to capture additional data regarding the threat;
- analyzing the events in the sequential chain of one or more events in a reverse order to determine a starting point for the sequential chain of one or more events, wherein analyzing the events in the reverse order comprises analyzing the events in the reverse order that the events were added to the sequential chain of one or more events;
- comparing the event history data against past event history data received from a plurality of client processing systems in order to determine if the event history data and the past event history data comprise a series of common events; and
- identifying an entity associated with the series of common events.
5 Assignments
0 Petitions
Abstract
A method of capturing data relating to a threat in a server processing system is described. Event history data that comprises a sequential chain of one or more events performed by a client processing system is received. Performance of the one or more events in the chain leads to a trigger event. The trigger event that occurred in the client processing system is also received. The server processing system receives the event history data in response to the client processing system detecting the trigger event. The events in the chain are analyzed in a reverse order to determine a starting point for the chain of events. The event history data is compared against past event history data received from a plurality of client processing systems in order to determine if the event history data and the past event history data comprise a series of common events. An entity associated with the series of common events is identified.
159 Citations
20 Claims
1. A method of capturing data relating to a threat, wherein the method includes, in a server processing system: (full claim text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A server processing system configured to capture data relating to a threat, wherein the server processing system comprises:
- a processor;
- memory in electronic communication with the processor; and
- instructions stored in the memory, the instructions being executable by the processor to:
  - receive event history data that comprises a sequential chain of one or more events performed by a client processing system, wherein performance of the one or more events in the sequential chain of one or more events leads to a trigger event, and wherein the sequential chain of one or more events is associated with a threat;
  - upon detecting the trigger event, suspend performance of one or more further events from the threat, wherein a second chain of events comprises the sequential chain of one or more events and the one or more further events, the one or more further events configured to execute subsequent to the trigger event in the second chain of events;
  - receive the trigger event that occurred in the client processing system, wherein the server processing system receives the event history data in response to the client processing system detecting the trigger event, the trigger event comprising a level of threat, wherein the level of threat includes a value to indicate a probability of the trigger event posing a threat to the client processing system;
  - determine whether the level of threat satisfies a predetermined threshold;
  - upon determining the level of threat satisfies the predetermined threshold, permit the one or more further events to be performed by the client processing system subsequent to the occurrence of the trigger event in order to capture additional data regarding the threat;
  - analyze the events in the sequential chain of one or more events in a reverse order to determine a starting point for the sequential chain of one or more events, wherein analyzing the events in the reverse order comprises analyzing the events in the reverse order that the events were added to the sequential chain of one or more events;
  - compare the event history data against past event history data received from a plurality of client processing systems in order to determine if the event history data and the past event history data comprise a series of common events; and
  - identify an entity associated with the series of common events.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A method of capturing data relating to a threat, wherein the method includes, in a client processing system:
- recording event history data that comprises a sequential chain of one or more events performed by a client processing system, wherein performance of the one or more events in the sequential chain of one or more events leads to a trigger event, and wherein the sequential chain of one or more events is associated with a threat;
- upon detecting the trigger event, suspending performance of one or more further events from the threat, wherein a second chain of events comprises the sequential chain of one or more events and the one or more further events, the one or more further events configured to execute subsequent to the trigger event in the second chain of events;
- detecting the trigger event in the client processing system, the trigger event comprising a level of threat, wherein the level of threat includes a value to indicate a probability of the trigger event posing a threat to the client processing system;
- determining whether the level of threat satisfies a predetermined threshold;
- upon determining the level of threat satisfies the predetermined threshold, performing the one or more further events subsequent to the occurrence of the trigger event based on the level of criticality in order to capture additional data regarding the threat;
- analyzing the events in the sequential chain in a reverse order to determine a starting point for the sequential chain of one or more events, wherein analyzing the events in the reverse order comprises analyzing the events in the reverse order that the events were added to the sequential chain of one or more events; and
- in response to detecting the trigger event, transferring the event history data from the starting point of the chain of events to a server processing system, wherein the server processing system compares the event history data against past event history data received from a plurality of client processing systems in order to determine if the event history data and the past event history data comprise a series of common events, and identifies an entity associated with the series of common events.
Dependent claims: 16, 17, 18, 19, 20.
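The claimed procedure modelled end to end, as an added example that is not code from the patent or its assignee: an event chain whose trigger carries a threat probability, the suspend/permit decision against a threshold, the reverse walk to the chain's starting point, the comparison with past client histories for a common series, and the identification of the associated entity. The causal-linking rule, the threshold value, longest-common-run matching and the sample events are all assumptions made here.

```python
from __future__ import annotations
# Added model of the claimed method; linking rule, threshold and sample data are assumptions.
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Event:
    name: str            # what happened, e.g. "write_file"
    actor: str           # entity that performed the event (process, file, ...)
    target: str          # entity acted upon or produced
    threat: float = 0.0  # probability the event is a threat (set on the trigger)

def permit_further_events(trigger: Event, threshold: float = 0.7) -> bool:
    """Events after the trigger stay suspended unless its threat level satisfies the (assumed) threshold."""
    return trigger.threat >= threshold

def _linked(older: Event, newer: Event) -> bool:
    # Assumed causal link: same actor, or the newer actor is what the older event produced.
    return older.actor == newer.actor or older.target == newer.actor

def find_start(chain: list[Event]) -> int:
    """Reverse analysis: walk back from the trigger (last event added) to the oldest linked event."""
    i = len(chain) - 1
    while i > 0 and _linked(chain[i - 1], chain[i]):
        i -= 1
    return i

def common_series(chain: list[Event], past: list[list[Event]], min_len: int = 3) -> list[Event]:
    """Longest run of event names that `chain` shares with any past client history."""
    names, best = [e.name for e in chain], []
    for hist in past:
        m = SequenceMatcher(None, names, [e.name for e in hist], autojunk=False)
        a, _, size = m.find_longest_match(0, len(names), 0, len(hist))
        if size >= min_len and size > len(best):
            best = chain[a:a + size]
    return best

def identify_entity(series: list[Event]):
    """Entity associated with the common series: the actor that performed most of it, or None."""
    actors = [e.actor for e in series]
    return max(set(actors), key=actors.count) if actors else None

# Constructed sample: unrelated document work, then a download that drops and persists a binary.
CHAIN = [Event("open_document", "word.exe", "report.docx"),
         Event("download", "browser", "setup.exe"),
         Event("execute", "setup.exe", "setup.exe"),
         Event("write_file", "setup.exe", "autorun.dll"),
         Event("modify_registry", "setup.exe", "HKLM/Run", threat=0.9)]  # trigger event
PAST = [[Event("download", "browser", "x.exe"), Event("execute", "x.exe", "x.exe"),
         Event("write_file", "x.exe", "d.dll"), Event("modify_registry", "x.exe", "HKLM/Run")]]
```

Running `find_start(CHAIN)` returns 1, so the history transferred to the server starts at the download rather than the unrelated document event, and `identify_entity(common_series(CHAIN, PAST))` names `setup.exe`.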
Specification