{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11258805","patent":{"patent_number":"US-11258805","title":"Computer-security event clustering and violation detection","assignee":null,"inventors":[],"filing_date":"2019-03-28T00:00:00.000Z","publication_date":"2022-02-22T00:00:00.000Z","cpc_codes":["G06F","G06F","G06F","G06F","G06F","G06N","G06N","G06N","G06N","H04L","H04L","H04L","H04W"],"num_claims":20,"abstract":"An event can be associated with a monitored computing device and a command-line record. An event vector can be determined for each of a plurality of events based at least in part on at least a portion of the respective command-line record and on a trained representation mapping. A respective reduced event vector can be determined having fewer elements. The reduced event vectors can be clustered to determine cluster identifiers. A first event can be determined to be associated with a security violation based on a corresponding cluster identifier matching a cluster identifier of a second event that is associated with a security violation. In some examples, a cluster can include a relatively larger first group of events and a relatively smaller second group of events. That cluster can be determined to satisfy a criterion based on the numbers of events in at least one of the groups."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Computer-security event clustering and violation detection","description":"An event can be associated with a monitored computing device and a command-line record. An event vector can be determined for each of a plurality of events based at least in part on at least a portion","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11258805","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11258805","citation_suggestion":"Patentable. \"Computer-security event clustering and violation detection\" (US-11258805). https://patentable.app/patents/US-11258805","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11258805","json":"https://patentable.app/api/llm-context/US-11258805","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-30T15:39:41.771Z"}