-
Publication No.: US20230123509A1
Publication Date: 2023-04-20
Application No.: US17506544
Application Date: 2021-10-20
Applicant: Elasticsearch B.V.
Inventor: Ross David Wolf, Nicholas Charles Berlin, Brian Douglas McKinney
Abstract: Provided are methods and systems for preventing malicious behavior of an end point. An example method commences with monitoring a stream of events associated with the end point. The method further includes processing the stream to record a set of events to a memory. Processing an event of the stream includes determining that the event satisfies at least one rule in a sequence of rules and, in response to the determination, adding the event to the set of events in the memory. The method further includes determining that the set of events includes a sequence of events. Each state in the sequence of events corresponds to at least one rule in the sequence of rules. The method continues with executing at least one action on the end point in response to the determination that the set of events includes the sequence of events.
-
Publication No.: US11632247B2
Publication Date: 2023-04-18
Application No.: US17234631
Application Date: 2021-04-19
Applicant: Elasticsearch B.V.
Inventor: Jayesh Modi
Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.
-
Publication No.: US20230078122A1
Publication Date: 2023-03-16
Application No.: US17939509
Application Date: 2022-09-07
Applicant: Elasticsearch B.V.
Inventor: Andrew Wilkins, Ron Cohen
IPC: H04L43/10
Abstract: Systems and methods for application performance management across one or more networks are disclosed. A system includes a plurality of geographically distributed computing devices executing one or more applications. A plurality of collectors are distributed across the one or more networks, each collector being positioned proximate a respective computing device. The collectors may sample, by each of the plurality of collectors, a plurality of trace events received from the applications executing on the computing devices proximate the collector. The collectors may retain in memory sampled trace events that meet a configurable attribute. The collectors may use probabilistic sets and tail-based sampling to determine root events and policies for identifying relevant traces. Benefits can be achieved in bandwidth savings, network cost and cyber security.
-
Publication No.: US11595475B2
Publication Date: 2023-02-28
Application No.: US17376652
Application Date: 2021-07-15
Applicant: Elasticsearch B.V.
Inventor: Alex Brasetvik, Njal Karevoll
IPC: G06F15/16, H04L67/1095, H04L9/32, H04L67/01
Abstract: Self-replicating management services for distributed computing architectures are provided herein. An example method includes providing one or more nodes providing services; and maintaining a quorum of a plurality of management servers by: providing a distributed coordination service for the one or more nodes on each of the plurality of management servers; managing, via a director, requests for data on the distributed coordination service from the one or more nodes; promoting at least one of the one or more nodes to being one of the plurality of management servers; and maintaining secure tunnels between the plurality of management servers and the one or more nodes.
-
Publication No.: US20220342880A1
Publication Date: 2022-10-27
Application No.: US17241424
Application Date: 2021-04-27
Applicant: Elasticsearch B.V.
Inventor: Quinlan J. Hoxie, Matthew T. Riley
IPC: G06F16/2458, G06F16/248
Abstract: Systems and methods that are adapted for automatic curation of query responses are disclosed herein. An example method includes obtaining user action metrics corresponding to responses provided in reply to a query for a target resource, the query having a search term, determining a portion of the responses having user action metrics with statistical significance, generating a list of curated responses based on the portion of the responses, and providing the curated responses in reply queries having the search term.
-
Publication No.: US20220131868A1
Publication Date: 2022-04-28
Application No.: US17570218
Application Date: 2022-01-06
Applicant: Elasticsearch B.V.
Inventor: Timothy Vernum, Clinton Gormley
IPC: H04L9/40, H04L61/4505, G06F16/951
Abstract: Service-to-service role mapping systems and methods are disclosed herein. An example role mapping service gathers user metadata before the role mapping by a second service. The user metadata is communicated to a first service which embeds the user metadata in a communication to the first service where the role mapping service maps one or more search engine service roles to a user based on the user metadata.
-
Publication No.: US20220038276A1
Publication Date: 2022-02-03
Application No.: US17504326
Application Date: 2021-10-18
Applicant: Elasticsearch B.V.
Inventor: Simon Daniel Willnauer
Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.
-
Publication No.: US11196554B2
Publication Date: 2021-12-07
Application No.: US16047959
Application Date: 2018-07-27
Applicant: Elasticsearch B.V.
Inventor: Simon Daniel Willnauer
Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.
-
Publication No.: US20210216652A1
Publication Date: 2021-07-15
Application No.: US17217589
Application Date: 2021-03-30
Applicant: Elasticsearch B.V.
Inventor: Adrien Grand
Abstract: Methods and systems for a document-level attribute-based access control service are provided. The document-level attribute-based access control service may be positioned between a directory service and a search engine service. The directory service can manage information and permissions for users. The document-level attribute-based access control service can map security attributes to the user based on the information and permissions. Based on the mapping, it can be determined whether to permit the user making a query to the search engine service to access documents based on the query. Information and permissions attributes can be injected into queries dynamically via a template. Attributes may be combined with role query templates to create document-level attribute-based access control on top of role-based access control. The present technology can enable enforcement of security policies requiring all of a combination of attributes to be satisfied before permitting certain access.
-
Publication No.: US20210168149A1
Publication Date: 2021-06-03
Application No.: US17152621
Application Date: 2021-01-19
Applicant: Elasticsearch B.V.
Inventor: Clinton Gormley
IPC: H04L29/06, G06F16/9535
Abstract: Service-to-service role mapping systems and methods are disclosed herein. An example role mapping service is positioned between a directory service and a search engine service, the directory service managing user information and permissions for users, the role mapping service mapping one or more search engine service roles to a user based on the user information and permissions received from the directory service.