Realtime triggering framework
First Claim
Patent Images
1. A computer-implemented method, comprising:
- generating a trigger registration for a selected triggering type;
storing the generated trigger registration in a triggering persistency;
analyzing a received event from an event persistency;
comparing data associated with the analyzed event with the triggering persistency; and
based on the comparison, processing, using a pattern execution framework, an enterprise threat detection (ETD) pattern data object to perform actions responsive to the received event, wherein the ETD pattern is translated into a structured query language (SQL) query, and wherein the ETD pattern contains paths connected over references and each path contains subsets representing conditions; and
upon detection of an alert based on processing of the ETD pattern, transmitting a pattern identification of the ETD pattern to a high-frequency computational daemon thread or a job which processes one or more other ETD patterns corresponding to the ETD pattern in parallel and by triggering separate processing threads to execute each other ETD pattern, wherein each separate processing thread completes processing of a particular other ETD pattern and ends with no return to the high-frequency computational daemon thread or the job.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method generates a trigger registration for a selected triggering type. The generated trigger registration is stored in a triggering persistency. A received event from an event persistency is analyzed and data associated with the analyzed event is compared with the triggering persistency. Based on the comparison and using a pattern execution framework, an enterprise threat detection (ETD) pattern is processed to perform actions responsive to the received event.
197 Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
generating a trigger registration for a selected triggering type; storing the generated trigger registration in a triggering persistency; analyzing a received event from an event persistency; comparing data associated with the analyzed event with the triggering persistency; and based on the comparison, processing, using a pattern execution framework, an enterprise threat detection (ETD) pattern data object to perform actions responsive to the received event, wherein the ETD pattern is translated into a structured query language (SQL) query, and wherein the ETD pattern contains paths connected over references and each path contains subsets representing conditions; and upon detection of an alert based on processing of the ETD pattern, transmitting a pattern identification of the ETD pattern to a high-frequency computational daemon thread or a job which processes one or more other ETD patterns corresponding to the ETD pattern in parallel and by triggering separate processing threads to execute each other ETD pattern, wherein each separate processing thread completes processing of a particular other ETD pattern and ends with no return to the high-frequency computational daemon thread or the job. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
-
generating a trigger registration for a selected triggering type; storing the generated trigger registration in a triggering persistency; analyzing a received event from an event persistency; comparing data associated with the analyzed event with the triggering persistency; and based on the comparison, processing, using a pattern execution framework, an enterprise threat detection (ETD) pattern data object to perform actions responsive to the received event, wherein the ETD pattern is translated into a structured query language (SQL) query, and wherein the ETD pattern contains paths connected over references and each path contains subsets representing conditions; and upon detection of an alert based on processing of the ETD pattern, transmitting a pattern identification of the ETD pattern to a high-frequency computational daemon thread or a job which processes one or more other ETD patterns corresponding to the ETD pattern in parallel and by triggering separate processing threads to execute each other ETD pattern, wherein each separate processing thread completes processing of a particular other ETD pattern and ends with no return to the high-frequency computational daemon thread or the job. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-implemented system, comprising:
a hardware processor interoperably coupled with a computer memory and configured to perform operations comprising; generating a trigger registration for a selected triggering type; storing the generated trigger registration in a triggering persistency; analyzing a received event from an event persistency; comparing data associated with the analyzed event with the triggering persistency; and based on the comparison, processing, using a pattern execution framework, an enterprise threat detection (ETD) pattern data object to perform actions responsive to the received event, wherein the ETD pattern is translated into a structured query language (SQL) query, and wherein the ETD pattern contains paths connected over references and each path contains subsets representing conditions; and upon detection of an alert based on processing of the ETD pattern, transmitting a pattern identification of the ETD pattern to a high-frequency computational daemon thread or a lob which processes one or more other ETD patterns corresponding to the ETD pattern in parallel and by triggering separate processing threads to execute each other ETD pattern, wherein each separate processing thread completes processing of a particular other ETD pattern and ends with no return to the high-frequency computational daemon thread or the job. - View Dependent Claims (16, 17, 18, 19, 20)
Specification