Abstract: An application mapping procedure obtains and aggregates application mapping information from a plurality of machines in a distributed system. A first layer of application mapping information is generated, identifying application entry points, each comprising a machine and a process executed by the identified machine. An application map is initialized with the first layer of application mapping information. A plurality of iterations of a predefined map gathering operation are performed, each iteration adding a layer of application mapping information to the application map, thereby producing an application map of the distributed processing of one or more respective applications. Each iteration sends queries, via one or more linear communication orbits, to machines in the distributed system, and obtains from the machines information identifying entities that have participated in predefined communications with entities identified in a most recently generated or added layer of application mapping information.

Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.

Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.

Abstract: In a distributed system, each of N machines receives a similarity search query through a linear communication orbit. The similarity search query includes token identifiers corresponding to tokens in a target document. Each machine, in response, identifies files that meet predefined similarity criteria with respect to the target document. Subsequent to receiving the similarity search query, the machine generates a first report, including a count of files stored at the machine that meet the predefined similarity criteria with respect to the target document, and/or information identifying a set of files that meet the predefined similarity criteria with respect to the target document; and sends the first report to a server through the linear communication orbit. The server produces a merged report presenting information with respect to files at a set of machines, including the N machines, that meet the predefined similarity criteria with respect to the target document.

Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.

Abstract: This application is directed to a mapping method performed at a computational machine in a linear communication orbit. The computational machine receives an application definition the linear communication orbit. The application definition specifies criteria for establishing whether the computational machine executes a specified application, a component of the specified application, or communicate with another node executing the specified application or a component of the specified application. While a plurality of events are occurring locally at the computational machine, the computational machine identifies one or more operations meeting the application definition in real-time. The identified one or more operations meeting the application definition, and associated metadata are stored in a local mapping database of the computational machine and returned to the server system through the linear communication orbit in response to a map request received through the linear communication orbit.

Abstract: A system and computer-readable storage medium perform a method for contextual inferring capacity for triggering a financial transaction by monitoring, via user device(s), objective contextual data of location, temporal, and volitional transaction information associated with an authorized user of a financial system. Subjective contextual data of personal calendar events, physiological data, and pacing of user interactions with the user device(s) is monitored. The objective and subjective contextual data is analyzed to create scenario(s) correlated with performing a volitional transaction. If not predictive a volitional transaction, a layer of security protocol is added for authentication prior to executing the volitional transaction. In response to determining that the current context is predictive of a volitional transaction, a determination is made whether the subjective contextual data satisfies criterion for incapacity to perform a volitional transaction.

Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.

Abstract: This application is directed to a mapping method performed at a computational machine in a linear communication orbit. The computational machine receives an application definition the linear communication orbit. The application definition specifies criteria for establishing whether the computational machine executes a specified application, a component of the specified application, or communicate with another node executing the specified application or a component of the specified application. While a plurality of events are occurring locally at the computational machine, the computational machine identifies one or more operations meeting the application definition in real-time. The identified one or more operations meeting the application definition, and associated metadata are stored in a local mapping database of the computational machine and returned to the server system through the linear communication orbit in response to a map request received through the linear communication orbit.

Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.

Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.

Abstract: In a distributed system, each of N machines receives a similarity search query through a linear communication orbit. The similarity search query includes token identifiers corresponding to tokens in a target document. Each machine, in response, identifies files that meet predefined similarity criteria with respect to the target document. Subsequent to receiving the similarity search query, the machine generates a first report, including a count of files stored at the machine that meet the predefined similarity criteria with respect to the target document, and/or information identifying a set of files that meet the predefined similarity criteria with respect to the target document; and sends the first report to a server through the linear communication orbit. The server produces a merged report presenting information with respect to files at a set of machines, including the N machines, that meet the predefined similarity criteria with respect to the target document.

Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.

Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.

Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.

Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.

Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.

Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.

Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.

Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.