Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

In some implementations, a device may train the model to generate embeddings for log files associated with an application, and to enable the model to generate embeddings for sensitive information included in a set of training log files. The device may receive a log file associated with the application. The device may generate a compressed log file including a set of embedding vectors associated with records included in the log file, where a record that includes sensitive information is associated with one or more embedding vectors for the sensitive information and one or more embedding vectors for other information included in the record. The device may store the compressed log file including the set of embedding vectors where a size of the compressed file is less than a size of the log file, and the embedding vectors obfuscate the records included in the log file.

Disclosed herein are embodiments providing query validation with automated query modification. In particular, the embodiments provide a computing system that receives a query and determines the query is sensitive. The computing system iteratively modifies the query until the query is not sensitive by modifying the query to increase a scope of the query, updating estimated query results based on the query as modified, and determining whether the query as modified is sensitive based on the estimated query results as updated. Upon determining that the query as modified is not sensitive, the computing system proceeds with the query as modified. Accordingly, the computing system improves query efficiency by automatically modifying a sensitive query.

A processor-implemented method securely responds to a query for information from a data graph. One or more processors create an embedding for encrypted sensitive information in vertices in a data graph; and bucketize embedded encrypted sensitive information on an embedding graph, where bucketizing the embedded encrypted sensitive information clusters vertices from the graph database that have shared data graph features. The processor(s) receive a query of the data graph from a requester, where the query is for information related to the shared data graph features. The processor(s) retrieve a bucket from the embedding graph that contains the information related to the shared data graph features; and extract encrypted sensitive information from the retrieved bucket.

A device may include one or more memories; and one or more processors, communicatively coupled to the one or more memories, to receive a query for data stored by a database; generate an abstract syntax tree based on the query; determine whether the abstract syntax tree matches a list, where the list identifies one or more abstract syntax trees corresponding to queries or types of queries; and selectively perform an action based on whether the abstract syntax tree matches the entry of the list.

Examples of the present disclosure describe systems and methods for sharing memory using a multi-ring shared, traversable and dynamic database. In aspects, the database may be synchronized and shared between multiple processes and/or operation mode protection rings of a system. The database may also be persisted to enable the management of information between hardware reboots and application sessions. The information stored in the database may be view independent, traversable, and resizable from various component views of the database. In some aspects, an event processor is additionally described. The event processor may use the database to allocate memory chunks of a shared heap to components/processes in one or more protection modes of the operating system.

A method for automated data access management can include creating a project that manages data access to data sources by a plurality of users, wherein each user has user attributes indicating data access policies for the data sources. The method can also include performing project equalization for the project, wherein the project equalization determines a set of user attributes shared by the users. Additionally, the method can include modifying the user attributes of each user for the project, wherein the user attributes of each user are modified to conform to the set of user attributes determined by the project equalization, and detecting a query to retrieve data from the data source. The method can include modifying the query to produce a modified query by applying the modified user attributes associated with the project to the query and retrieving the data from the data source based on the modified query.

First and second database accounts respectively share first and second source datasets with one another in a data clean room. The first database account stores a first approved-statements table that contains database statements that are permitted by the first database account to be executed against a combination of the shared first source dataset and the shared second source dataset. The second database account stores a second approved-statements table that contains database statements that are permitted by the second database account to be executed against the combination of the shared first source dataset and the shared second source dataset. One or more queries received from the first database account that are included in the second approved-statements table are processed, as are one or more queries received from the second database account that are included in the first approved-statements table.

An embodiment includes receiving, at database connectivity (DBC) layer, a request to access data of a data source, wherein the data source is registered with a data catalog that includes data governance artifacts, and wherein the request is made via a connection that bypasses the data catalog. The embodiment also includes comparing, by a governance manager at the DBC layer, an access privilege level for a credential associated with the request to access requirements of requested data included in data protection rules of the governance artifacts. The embodiment also includes masking, by the governance manager, a portion of the data provided in response to the request, wherein the portion of the data has an access requirement that is not met by the access privilege level for the credential associated with the request.

This application discloses an audit result data storage method and device, an audit result data query method and device, an audit item storage method and device, an electronic device and a medium. The method includes obtaining a first hash value of audit result data of a first user; signing the first hash value according to a private key of the first user to obtain first signature data; and transmitting the first signature data to an audit result data storage subsystem, the audit result data storage subsystem being configured to store data in the form of a blockchain.