Abstract: A system and method to use generative artificial intelligence to detect potential exfiltration events. A system for exfiltration analysis is configured to receive a plurality of file identifiers of a corresponding plurality of files, the plurality of files related to exfiltration alerts; store information about the plurality of files in a forensic file data store, the forensic file data store used to provide contextual information for a large language model (LLM); receive an exfiltration query from a user of the system; and produce a generative output using the LLM based on the exfiltration query and the contextual information.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like. File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like. File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: System and techniques for dynamically building a file graph are described herein. Meta data is received for a first and a second file. An intersection of the first metadata set and the second metadata set is computed. An edge in a file graph is created based on the intersection. Then, after receiving a query about the first file, the second file is provided as a result to the query based on the edge in the file graph.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: An apparatus includes a processor and a memory operatively coupled to the processor. The processor is configured to automatically send queries to client devices, and to receive responses from the client devices in response to the queries. The processor is configured to identify, based on the responses and on role information stored in an Active Directory database, roles of current users of the client devices and identify based on the roles security risks associated with the client devices. The roles can differ among users. The processor is configured to select a remedial action for at least one of the client devices based on the security risk associated with that client device, and is configured to implement the remedial action on that client device. The processor is configured to not select a remedial action for another of the client devices based on the security risk associated with that client device.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: System and techniques for dynamically building a file graph are described herein. Meta data is received for a first and a second file. An intersection of the first metadata set and the second metadata set is computed. An edge in a file graph is created based on the intersection. Then, after receiving a query about the first file, the second file is provided as a result to the query based on the edge in the file graph.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: A method for providing a context sensitive information technology (IT) management prescription is described. In response to a user request, a scan is performed on a target computing environment and data is collected from the scan. The data is forwarded to a cloud based entity. At the cloud based entity the data is parsed in accordance with a dynamic set of rules to determine an IT management prescription specific to the context of the target computing environment. The IT management prescription is provided for access by the user.

Abstract: In a method of testing a software item, a graphical user interface is presented for scheduling a test of the software item. Specified information regarding conduct of a test is received via the graphical user interface. The specified information includes a test time for initiating the test. The test is initiated at the test time.

Abstract: In a method of testing a software item, a graphical user interface is presented for scheduling a test of the software item. Specified information regarding conduct of a test is received via the graphical user interface. The specified information includes a test time for initiating the test. The test is initiated at the test time.