Title of invention: Interface having selectable, interactive views for evaluating potential network compromise
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is "big data" driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
Publication number: US9609011(B2) Publication date: 2017.03.28
Application number: US201514928563 Filing date: 2015.10.30
Applicant: Splunk Inc. Inventors: Muddu Sudhakar; Tryfonas Christos
Classification codes: H04L12/24; H04L12/26; G06F21/00; G06F11/30; H04L29/06; G06F3/0484; G06F3/0482; G06F21/56 Main classification: H04L12/24
Agency: Perkins Coie LLP Agent: Perkins Coie LLP
Independent claim: 1. A computerized method comprising: receiving event data associated with network activities by entities, wherein entities include devices, applications, and network users; identifying instances of potential network compromise by applying machine learning models to the event data, wherein instances include threats and/or anomalies; causing display, in a graphical user interface, of a user-selectable toggle to switch between a plurality of views, including at least one instances view comprising a listing of instances of potential network compromise and at least one entities view comprising a listing of the entities that participated in network activities that triggered determinations of potential network compromise, wherein each listed instance and entity is linked to a corresponding detailed view; upon receiving, via the graphical user interface, a user's selection of an instance, causing the graphical user interface to generate a detailed view comprising (i) additional data about the selected instance, including data identifying each entity associated with the selected instance, (ii) a prompt to take an action in response to the instance, and a prompt to tag the selected instance for future tracking; upon receiving, via the graphical user interface and in response to the prompt, a user's indication to take an action, providing feedback to a model training process thread to update the machine learning models for identifying future instances of potential network compromise; and upon receiving a selection by a user of a tag, associating the tag with the selected instance such that the tag is included (i) in response to subsequent requests to generate the detailed view of the selected instance and (ii) in response to requests to generate the detailed view of a selected entity associated with the selected instance.
Address: San Francisco CA US