H04L2463/121

DATA CORRELATION USING FILE OBJECT CACHE
20210034393 · 2021-02-04 ·

Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.

Sharing of machine learning model state between batch and real-time processing paths for detection of network security issues

A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Detecting anomalies in a computer network based on usage similarity scores

A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Systems and methods for device push provisioning

Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

Time-based digital signature

Various embodiments relate to a method performed by a processor of a computing system. An example method includes receiving, by a computing system, an event. The event is associated with a digital signature in a first time-based message. The event signals a change to a property of the digital signature. The first time-based message includes a first trusted time stamp token from a timing authority. The first trusted time stamp token is generated using a first hash of digitally signed content, the digitally signed content generated by digitally signing content. The first time-based message is retrieved. A second hash of the first trusted time stamp token is generated. The second hash is transmitted to a timing authority. A second trusted time stamp token is received from the trusted timing authority in response to transmitting the second hash. A second time-based message is generated including the second trusted time stamp token.

SELF-SERVICE DEVICE ENCRYPTION KEY ACCESS
20210218567 · 2021-07-15 ·

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.

Method for functionally secure connection identification

A method for functionally secure connection identification for data exchange via a telegram between a source data service and a sink data service, wherein whether the time stamp of an incoming telegram is older than the time stamp of a predecessor telegram is determined, upon receipt of the predecessor telegram a monitoring counter being started and whether the currently incoming telegram has arrived within a monitoring time is additionally determined, where a local time stamp of a local time basis is compared with the associated time stamp of the incoming telegram and whether a comparison difference does not exceed a period of time is determined, a telegram arriving only being accepted as valid if the time stamp of the arriving telegram is greater than the time stamp of the telegram most recently accepted as valid, and data is valid if the checks are positive, otherwise a fail-safe reaction is triggered.

Detection of periodic transmissions for identifying malicious computers

In one embodiment, a network security device monitors network communications between a computer and another computer. A periodicity of transmissions made by one computer to the other computer is determined, with the periodicity being used to identify candidate time point pairs having intervals that match the periodicity. A graph is constructed with time points of the candidate time point pairs as nodes and with intervals of time point pairs as edges. A longest path that continuously links one time point to another time point on the graph is compared to a threshold length to verify that the transmissions are periodic, and are thus potentially indicative of malicious network communications.

THREAT DETECTION SYSTEM FOR MOBILE COMMUNICATION SYSTEM, AND GLOBAL DEVICE AND LOCAL DEVICE THEREOF
20210211458 · 2021-07-08 ·

A threat detection system for a mobile communication system, and a global device and a local device thereof are provided. The threat detection system is used for detecting and defending against low and slow distributed denial-of-service (LSDDoS) attacks. The global device is located in a core network of the mobile communication system, and is used for training a tensor neural network (TNN) model to build a threat classifier. The threat classifier is used for the local device to identify a plurality of threat types. The local device inputs the to-be-identified data into the threat classifier to generate a classification result corresponding to one of the threat types.

Automatically Executing Responsive Actions Based on a Verification of an Account Lineage Chain
20210211431 · 2021-07-08 ·

Aspects of the disclosure relate to account lineage tracking and automatically executing responsive actions upon detecting an account lineage. A computing platform may receive a first account-change message from a source-level interceptor. The first account-change message may include information identifying a source account associated with a first computing device and identifying a first target account. The first target account may be associated with a target application configured to access the target database. The computing platform may receive a second account-change message from a database-level interceptor. The second account-change message may include information identifying the first target account as a database-level source account and identifying a second target account associated with one or more target databases. After receiving the first and second account-change messages, the computing platform may generate a notification comprising information associated with an account lineage between the source account and the second target account.