Endpoint detection and response based on aggregated runtime execution data

Abstract

A system and method for improved endpoint detection and response (EDR) in a cloud computing environment by decreasing network bandwidth usage are presented. The method includes: configuring a resource in a cloud computing environment to deploy thereon a runtime sensor, the runtime sensor configured to detect runtime data of the resource; configuring the runtime sensor to detect in the runtime data a plurality of events, each event sharing a common value; configuring the runtime sensor to generate an aggregated event record based on the detected plurality of events having a common value; receiving the aggregated event record from the runtime sensor; generating a plurality of unmerged event records based on the aggregated event record; and storing the unmerged event records in a cloud computing storage.

CPC Classifications