Patents by Inventor James Robert Plush
James Robert Plush has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11960470
Abstract: A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
Type: Grant
Filed: January 14, 2022
Date of Patent: April 16, 2024
Assignee: CROWDSTRIKE, INC.
Inventors: James Robert Plush, Timothy Jason Berger, Ramnath Venugopalan
-
Publication number: 20240061844
Abstract: An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.
Type: Application
Filed: October 27, 2023
Publication date: February 22, 2024
Inventors: Brent Ryan Nash, Timothy Jason Berger, Hyacinth D. Diehl, James Robert Plush
-
Patent number: 11836137
Abstract: An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.
Type: Grant
Filed: May 19, 2021
Date of Patent: December 5, 2023
Assignee: CrowdStrike, Inc.
Inventors: Brent Ryan Nash, James Robert Plush, Timothy Jason Berger, Hyacinth D. Diehl
-
Publication number: 20230297690
Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Type: Application
Filed: April 12, 2023
Publication date: September 21, 2023
Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger
-
Publication number: 20230229652
Abstract: A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
Type: Application
Filed: January 14, 2022
Publication date: July 20, 2023
Inventors: James Robert Plush, Timothy Jason Berger, Ramnath Venugopalan
-
Patent number: 11645397
Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Type: Grant
Filed: April 15, 2020
Date of Patent: May 9, 2023
Assignee: Crowd Strike, Inc.
Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger
-
Publication number: 20220374434
Abstract: An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.
Type: Application
Filed: May 19, 2021
Publication date: November 24, 2022
Inventors: Brent Ryan Nash, James Robert Plush, Timothy Jason Berger, Hyacinth D. Diehl
-
Publication number: 20210326452
Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Type: Application
Filed: April 15, 2020
Publication date: October 21, 2021
Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger
-
Patent number: 9798882
Abstract: A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.
Type: Grant
Filed: June 6, 2014
Date of Patent: October 24, 2017
Assignee: CrowdStrike, Inc.
Inventors: David Frederick Diehl, Leif Air Fire Grosch Jackson, James Robert Plush
-
Publication number: 20150356301
Abstract: A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.
Type: Application
Filed: June 6, 2014
Publication date: December 10, 2015
Inventors: David Frederick Diehl, Leif Air Fire Grosch Jackson, James Robert Plush