公开(公告)号：US11704405B2

公开(公告)日：2023-07-18

申请号：US17457152

申请日：2021-12-01

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L9/40

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20220083653A1

公开(公告)日：2022-03-17

申请号：US17457152

申请日：2021-12-01

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, III ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20170316203A1

公开(公告)日：2017-11-02

申请号：US15651924

申请日：2017-07-17

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US11539720B2

公开(公告)日：2022-12-27

申请号：US16902193

申请日：2020-06-15

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok, Jr. ,  Jeffrey Rhines ,  Kurt Joseph Zettel, II ,  Henry Geddes

IPC: H04L9/40 ,  G06F16/23

Abstract: Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.

公开(公告)号：US10686805B2

公开(公告)日：2020-06-16

申请号：US15373662

申请日：2016-12-09

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok, Jr. ,  Jeffrey Rhines ,  Kurt Joseph Zettel, II ,  Henry Geddes

IPC: H04L29/06 ,  G06F16/23

Abstract: Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.

公开(公告)号：US20200314124A1

公开(公告)日：2020-10-01

申请号：US16902193

申请日：2020-06-15

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok, JR. ,  Jeffrey Rhines ,  Kurt Joseph Zettel, II ,  Henry Geddes

IPC: H04L29/06 ,  G06F16/23

Abstract: Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.

公开(公告)号：US09710644B2

公开(公告)日：2017-07-18

申请号：US14615202

申请日：2015-02-05

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F3/00 ,  G06F21/55 ,  H04L29/06

CPC classification number: G06F21/552 ,  H04L63/145

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US11222111B2

公开(公告)日：2022-01-11

申请号：US16827127

申请日：2020-03-23

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreas Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US20190034626A1

公开(公告)日：2019-01-31

申请号：US16151085

申请日：2018-10-03

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

公开(公告)号：US10032020B2

公开(公告)日：2018-07-24

申请号：US15651924

申请日：2017-07-17

Applicant: ServiceNow, Inc.

Inventor： Richard Reybok ,  Andreis Seip Haugsnes ,  Kurt Joseph Zettel, II ,  Jeffrey Rhines ,  Henry Geddes ,  Volodymyr Osypov ,  Scott Lewis ,  Sean Brady ,  Mark Manning

IPC: G06F21/56 ,  G06F21/55 ,  H04L29/06

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.