公开(公告)号：US11093617B2

公开(公告)日：2021-08-17

申请号：US15815155

申请日：2017-11-16

Applicant: ServiceNow, Inc.

Inventor： Kurt Joseph Zettel, II ,  Lisa Henderson ,  Phillip DiCorpo ,  Volodymyr Osypov ,  Karan Shah ,  Xuchang Chen ,  Jerome Liu

IPC: G06F21/57 ,  H04L29/06 ,  G06F21/55 ,  G06F11/30 ,  G06F11/32

Abstract: Systems and methods for automatically grouping vulnerabilities into vulnerability groups are provided. Vulnerabilities are received in the vulnerability response system and are automatically grouped into one or more vulnerability groups based upon grouping fields defined in a vulnerability group rule.

公开(公告)号：US09710644B2

公开(公告)日：2017-07-18

申请号：US14615202

申请日：2015-02-05

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F3/00 ,  G06F21/55 ,  H04L29/06

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20190102560A1

公开(公告)日：2019-04-04

申请号：US15815155

申请日：2017-11-16

Applicant: ServiceNow, Inc.

Inventor： Kurt Joseph Zettel, II ,  Lisa Henderson ,  Phillip DiCorpio ,  Volodymyr Osypov ,  Karan Shah ,  Xuchang Chen ,  Jerome Liu

IPC: G06F21/57 ,  H04L29/06 ,  G06F21/55 ,  G06F11/30 ,  G06F11/32

Abstract: Systems and methods for automatically grouping vulnerabilities into vulnerability groups are provided. Vulnerabilities are received in the vulnerability response system and are automatically grouped into one or more vulnerability groups based upon grouping fields defined in a vulnerability group rule.

公开(公告)号：US11704405B2

公开(公告)日：2023-07-18

申请号：US17457152

申请日：2021-12-01

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L9/40

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20220083653A1

公开(公告)日：2022-03-17

申请号：US17457152

申请日：2021-12-01

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, III ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20170316203A1

公开(公告)日：2017-11-02

申请号：US15651924

申请日：2017-07-17

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US11222111B2

公开(公告)日：2022-01-11

申请号：US16827127

申请日：2020-03-23

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20190034626A1

公开(公告)日：2019-01-31

申请号：US16151085

申请日：2018-10-03

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US10032020B2

公开(公告)日：2018-07-24

申请号：US15651924

申请日：2017-07-17

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/56 ,  G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.