Abstract: A server system in communication with a plurality of machines that form a linear communication orbit establishes a direct duplex connection between the server system and a first endpoint machine. The server system enrolls the first endpoint machine as a satellite endpoint machine, which enables the satellite endpoint machine to execute one or more function modules. Typically, the server system authenticates, via the direct duplex connection, the first endpoint machine, and, after authenticating the first endpoint machine, sends, to the first endpoint machine, an instruction for executing a function module. The server system receives a report including information obtained by the first endpoint machine executing the function module. At least one of the establishing a direct duplex connection, sending the instruction, and receiving the report includes sending or receiving a communication between the first endpoint machine and the server system via the linear communication orbit.

Abstract: Optimizing ingestion of security structured data into a graph database for security analytics is provided. A plurality of streams of information is received from a plurality of security information sources. Respective subsets of information are ingested from each of the plurality of security information sources to generate small subgraphs of security information. Each of the small subgraphs comply to a schema used by a master knowledge graph. A batch process is performed to ingest a plurality of small subgraphs into the master knowledge graph.

Abstract: Prioritizing security incidents for analysis is provided. A set of security information and event management data corresponding to each of a set of security incidents is retrieved. A source weight of a security incident and a magnitude of the security incident are used to determine a priority of the security incident within the set of security incidents. A local analysis of the security incident is performed based on the retrieved set of security information and event management data corresponding to the security incident and the determined priority of the security incident.

Abstract: Prioritizing security incidents for analysis is provided. A set of security information and event management data corresponding to each of a set of security incidents is retrieved. A source weight of a security incident and a magnitude of the security incident are used to determine a priority of the security incident within the set of security incidents. A local analysis of the security incident is performed based on the retrieved set of security information and event management data corresponding to the security incident and the determined priority of the security incident.

Abstract: Optimizing ingestion of security structured data into a graph database for security analytics is provided. A plurality of streams of information is received from a plurality of security information sources. Respective subsets of information are ingested from each of the plurality of security information sources to generate small subgraphs of security information. Each of the small subgraphs comply to a schema used by a master knowledge graph. A batch process is performed to ingest a plurality of small subgraphs into the master knowledge graph.