Systems, methods, user interfaces, and computer-readable media for investigating potential malicious communications

摘要

A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyze those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

主权项

1. A computer system to identify electronic communications, the computer system comprising:
one or more computer readable storage devices configured to store: one or more software modules including computer executable instructions, records of first electronic communications to internal recipients within a local network for a period of time, the records reflecting, for each of the first electronic communications, a plurality of characteristics, and a plurality of prescreened electronic communications, at least some of the prescreened electronic communications in the first electronic communications, each prescreened electronic communication preliminarily identified as a potential undesirable electronic communication, and each prescreened electronic communication comprising the plurality of characteristics; and one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the one or more software modules in order to cause the computer system to: access, from the one or more computer readable storage devices, the plurality of prescreened electronic communications and the records; group, from the plurality of prescreened electronic communications, a data cluster of the prescreened electronic communications sharing a similar characteristic from the plurality of characteristics; based on a first characteristic associated with the data cluster and the same first characteristic of the records, identify recipients associated with the data cluster from the first electronic communications; based on one or more attributes of the data cluster, classify the data cluster with a classification reflecting a priority for assessing whether the prescreened electronic communications associated with the data cluster are undesirable electronic communications, such that, once initiated, the classifying is performed by the one or more hardware computer processors, without the need for manually performing the classifying, the classifying being based at least in part on a role of one or more of the recipients associated with the data cluster who are authorized to access the local network; generate user interface data for rendering an interactive user interface on a computing device, the interactive user interface including an element selectable by a user, the selectable element reflecting the classification; and update the user interface data such that, after the selectable element is selected by the user, the interactive user interface further includes informational data regarding the data cluster, the informational data reflecting the recipients associated with the data cluster.