Title: Correlation and consolidation of analytic data for holistic view of a malware attack
Abstract: According to one embodiment, a method correlates and consolidates analytic data to provide a holistic view of a malware attack. The method comprises receiving analytic data from a plurality of electronic devices. The analytic data from each electronic device of the plurality of electronic devices comprises input attributes and analysis attributes. Thereafter, the analytic data is correlated by determining whether a first analysis attribute provided by a first electronic device of the plurality of electronic devices matches a second analysis attribute provided by a second electronic device of the plurality of electronic devices. In response to determining that the first analysis attribute provided by the first electronic device matches the second analysis attribute provided by the second electronic device, the input attributes associated with the first analysis attribute and the second analysis attribute are consolidated for subsequent display.
Publication number: US9311479(B1)  Publication date: 2016.04.12
Application number: US201313828785  Filing date: 2013.03.14
Applicant: FireEye, Inc.  Inventors: Manni Jayaraman; Eun Philip; Berrow Michael M.
IPC classification: G06F21/56; H04L29/06  Main classification: G06F21/56
Agent firm: Rutan & Tucker, LLP  Agents: Rutan & Tucker, LLP; Schaal William W.
Independent claim: 1. A method for detecting a malware attack and displaying information associated with suspicious network content pertaining to the malware attack, the method comprising: receiving analytic data including information associated with network content being monitored for malware, the analytic data being stored at least in a payload of a message from each of a plurality of electronic devices and including one or more input attributes and one or more analysis attributes; correlating the analytic data, which comprises determining whether a first analysis attribute provided by a first electronic device of the plurality of electronic devices matches a second analysis attribute provided by a second electronic device of the plurality of electronic devices; responsive to determining that the first analysis attribute matches the second analysis attribute, consolidating input attributes associated with the first analysis attribute and the second analysis attribute for subsequent display; and outputting, for display, information representing the consolidated input attributes to identify that a first network content associated with the first analysis attribute received from the first electronic device is the same as or related to a second network content associated with the second analysis attribute received from the second electronic device.
Address: Milpitas CA US
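The abstract and claim 1 describe a three-step pipeline: pull input attributes (what a sensor observed, e.g. a source IP or URL) and analysis attributes (what the sensor derived, e.g. a file hash or C2 domain) out of each device's message payload, find analysis attributes that match across two different devices, and merge the input attributes behind each match into one view. The following Python is an added illustration of that pipeline written for this page; it is not FireEye's code and is not taken from the patent. The message shape (a "payload" dict with "input" and "analysis" sub-dicts), the sensor names, the IPs, domains and hashes are all constructed for the example, and treating a match as cross-device only when at least two distinct devices report the same analysis attribute is this example's reading of "first electronic device ... second electronic device".

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample messages from hypothetical sensors. The payload layout
# ("input" and "analysis" sub-dicts) is an assumption made for this example.
SAMPLE_MESSAGES = [
    {"device": "web-sensor-1", "payload": {
        "input": {"src_ip": "10.0.0.5", "url": "http://dl.example.test/invoice.exe"},
        "analysis": {"sha256": "a1b2c3", "c2_domain": "c2.example.test"}}},
    {"device": "mail-sensor-1", "payload": {
        "input": {"sender": "billing@example.test", "attachment": "invoice.exe"},
        "analysis": {"sha256": "a1b2c3"}}},
    {"device": "web-sensor-2", "payload": {
        "input": {"src_ip": "10.0.0.9", "url": "http://c2.example.test/beacon"},
        "analysis": {"c2_domain": "c2.example.test"}}},
    # Two hits with the same hash on ONE device: no second device, so not a
    # cross-device match and it must not appear in the consolidated view.
    {"device": "web-sensor-1", "payload": {
        "input": {"src_ip": "10.0.0.7", "url": "http://dl.example.test/tool.exe"},
        "analysis": {"sha256": "ffff"}}},
    {"device": "web-sensor-1", "payload": {
        "input": {"src_ip": "10.0.0.8", "url": "http://dl.example.test/tool.exe"},
        "analysis": {"sha256": "ffff"}}},
]


@dataclass
class AnalyticData:
    device_id: str
    input_attrs: dict      # what the device observed (IP, URL, sender, ...)
    analysis_attrs: dict   # what the device derived (hash, C2 domain, ...)


def parse_message(msg: dict) -> AnalyticData:
    """Extract the analytic data carried in the message payload."""
    payload = msg["payload"]
    return AnalyticData(msg["device"], dict(payload["input"]), dict(payload["analysis"]))


def correlate(records):
    """Index records by (analysis attribute name, value) and keep only the
    groups in which at least two distinct devices reported that value."""
    index = defaultdict(list)
    for rec in records:
        for name, value in rec.analysis_attrs.items():
            index[(name, value)].append(rec)
    return {key: recs for key, recs in index.items()
            if len({r.device_id for r in recs}) >= 2}


def consolidate(clusters):
    """Merge the input attributes of every record in a cross-device cluster
    into one display record per matched analysis attribute."""
    views = []
    for (name, value), recs in sorted(clusters.items()):
        merged = defaultdict(set)
        for rec in recs:
            for key, val in rec.input_attrs.items():
                merged[key].add(val)
        views.append({
            "match": {name: value},
            "devices": sorted({r.device_id for r in recs}),
            "inputs": {k: sorted(v) for k, v in sorted(merged.items())},
        })
    return views


def holistic_view(messages):
    """Full pipeline: parse payloads, correlate across devices, consolidate."""
    return consolidate(correlate([parse_message(m) for m in messages]))


if __name__ == "__main__":
    for view in holistic_view(SAMPLE_MESSAGES):
        print(view)
```

Running it yields two consolidated records: the hash `a1b2c3` ties the web download on `web-sensor-1` to the e-mail attachment seen by `mail-sensor-1`, and the C2 domain ties that same download to the beacon observed by `web-sensor-2`, so the three sightings render as one attack. The `ffff` pair stays out because only one device reported it. One practical caveat: the join key should be a high-entropy analysis attribute (a hash, a domain, a mutex name); keying on a low-entropy one such as a verdict label would merge unrelated events into a single bogus attack.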