US Patent Application 17739366. Threat Hunting Across Datacenters To Identify Security Incidents simplified abstract

From WikiPatents

Threat Hunting Across Datacenters To Identify Security Incidents

Organization Name

Microsoft Technology Licensing, LLC


Inventor(s)

Sekhar Poornananda Chintalapati of Redmond WA (US)

Pieter Kristian Brouwer of Redmond WA (US)

Gaurav Anil Yeole of Surrey (CA)

Virendra Vishwakarma of Issaquah WA (US)

Dattatraya Baban Rajpure of Sammamish WA (US)

Mihai Silviu Peicu of Redmond WA (US)

Vinod Kumar Yelahanka Srinivas of Bellevue WA (US)

Rajesh Raman Peddibhotla of Sammamish WA (US)

Threat Hunting Across Datacenters To Identify Security Incidents - A simplified explanation of the abstract

This abstract first appeared for US patent application 17739366, titled 'Threat Hunting Across Datacenters To Identify Security Incidents'.

Simplified Explanation

- The patent application describes techniques for generating an identifier index table (IIT) and executing queries.
- The IIT is used to map different labels used in various data sources to a commonly defined data type.
- The IIT is then used to generate executable queries based on the selected data type and search for indicators of compromise (IOC) in the data sources.
- The results of the queries are analyzed to identify the IOC.


Original Abstract Submitted

Techniques for generating an identifier index table (IIT) and for executing queries are disclosed. The IIT maps different labels used among different data sources to a commonly defined data type. The IIT is used to generate a set of queries that are executable based on selection of the commonly defined data type and that are executable against the different data sources to search for an indicator of compromise (IOC) within the different data sources. The results from the queries are analyzed in an attempt to identify the IOC.
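To make the abstract concrete, the following is an added example that is not code from the patent application or from Microsoft. It models an identifier index table as a mapping from a commonly defined data type (such as `ip_address` or `file_hash`) to the label each data source uses for that type, generates one executable query per source from a selected type and IOC value, runs those queries against constructed in-memory records standing in for per-datacenter log stores, and reports which sources contained the IOC. The source names, field labels, sample records and the KQL-style rendering are all assumptions made for this example; the per-type normalizers (trimming, lower-casing hashes) are an addition that the abstract does not describe but that any cross-source comparison needs.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Constructed identifier index table (IIT): one row per commonly defined
# data type, mapping each data source to the label that source uses.
# Source names and labels are assumptions for this example.
IIT: Dict[str, Dict[str, str]] = {
    "ip_address": {
        "firewall": "src_ip",
        "proxy": "client",
        "edr": "RemoteAddress",
    },
    "file_hash": {
        "edr": "Sha256",
        "mail_gateway": "attachment_sha256",
    },
}

# Per-type normalizers so values compare consistently across sources
# (assumption: hashes are case-insensitive hex, addresses may carry whitespace).
NORMALIZERS: Dict[str, Callable[[str], str]] = {
    "ip_address": lambda v: v.strip(),
    "file_hash": lambda v: v.strip().lower(),
}

# Constructed sample records standing in for datacenter log stores.
# Addresses are from documentation ranges; the hash is a placeholder.
SOURCES: Dict[str, List[Dict[str, Any]]] = {
    "firewall": [
        {"src_ip": "203.0.113.5", "action": "deny", "host": "dc1-fw01"},
        {"src_ip": "198.51.100.7", "action": "allow", "host": "dc2-fw03"},
    ],
    "proxy": [
        {"client": "203.0.113.5", "url": "http://example.invalid/update"},
    ],
    "edr": [
        {"RemoteAddress": "192.0.2.9", "Sha256": "0123456789ABCDEF" * 4},
    ],
    "mail_gateway": [
        {"attachment_sha256": "0123456789abcdef" * 4, "recipient": "user@example.com"},
    ],
}


@dataclass(frozen=True)
class Query:
    """One executable query: a source, the label it uses, and the value to match."""
    source: str
    label: str
    data_type: str
    value: str

    def render(self) -> str:
        # KQL-style text form, for readability only (assumed syntax).
        return f'{self.source} | where {self.label} == "{self.value}"'


def build_queries(iit: Dict[str, Dict[str, str]], data_type: str, ioc: str) -> List[Query]:
    """Generate one query per source that carries the selected data type."""
    try:
        labels = iit[data_type]
    except KeyError:
        raise ValueError(f"IIT has no row for data type {data_type!r}") from None
    value = NORMALIZERS.get(data_type, str)(ioc)
    return [Query(src, label, data_type, value) for src, label in sorted(labels.items())]


def execute_query(query: Query, sources: Dict[str, List[Dict[str, Any]]]) -> List[Dict[str, Any]]:
    """Run one query: records whose mapped label equals the normalized IOC."""
    norm = NORMALIZERS.get(query.data_type, str)
    hits = []
    for record in sources.get(query.source, []):
        raw = record.get(query.label)  # records lacking the label are skipped
        if raw is not None and norm(str(raw)) == query.value:
            hits.append(record)
    return hits


def hunt(iit, sources, data_type: str, ioc: str) -> Dict[str, List[Dict[str, Any]]]:
    """Fan the generated queries out to every mapped source; collect hits by source."""
    return {q.source: execute_query(q, sources) for q in build_queries(iit, data_type, ioc)}


def ioc_present(results: Dict[str, List[Dict[str, Any]]]) -> bool:
    """Analysis step: the IOC is identified if any source returned a hit."""
    return any(results.values())


if __name__ == "__main__":
    for dtype, ioc in [("ip_address", "203.0.113.5"), ("file_hash", "0123456789abcdef" * 4)]:
        for q in build_queries(IIT, dtype, ioc):
            print(q.render())
        results = hunt(IIT, SOURCES, dtype, ioc)
        for src, hits in results.items():
            print(f"  {src}: {len(hits)} hit(s)")
        print("IOC present:", ioc_present(results))
```

The IIT is the only place that knows each source's vocabulary, so adding a new data source means adding its labels to the table rather than rewriting every hunt; a request for a data type the table does not cover fails loudly instead of silently querying nothing.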