| 发明名称 |
Method And System For Reviewing Identified Threats For Performing Computer Security Monitoring |
| 摘要 |
A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly. |
| 申请公布号 |
US2017063901(A1) |
申请公布日期 |
2017.03.02 |
| 申请号 |
US201514928535 |
申请日期 |
2015.10.30 |
| 申请人 |
Splunk Inc. |
发明人 |
Muddu Sudhakar;Tryfonas Christos |
| 分类号 |
H04L29/06;G06N99/00 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computerized method comprising:
receiving event data associated with network activities by entities that interact with a computer network, wherein types of entities include at least one of devices, applications, and/or network users; identifying instances of potential network compromise automatically determined from the event data, wherein instances include threats and/or anomalies, and the identified instances are associated with at least one entity; automatically determining a score for each entity, wherein the score indicates a risk level based at least in part on the number and/or type of identified instances of potential network compromise associated with the entity; and causing display, in a graphical user interface, of an indication of the score for each of the entities. |
| 地址 |
San Francisco CA US |
