Title of invention: METHOD AND SYSTEM FOR AUTOMATED CYBERSECURITY INCIDENT AND ARTIFACT VISUALIZATION AND CORRELATION FOR SECURITY OPERATION CENTERS AND COMPUTER EMERGENCY RESPONSE TEAMS
Abstract: A method and system is provided for visualizing and navigating cybersecurity information. A hypertree is displayed on a display device of a computerized system. The hypertree includes a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges. The computerized system displays an interactive navigation aid to enable a user to navigate the hypertree, and receives a navigation command from the user through the interactive navigation aid. The computerized system modifies the displayed hypertree in response to the navigation command. The navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
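Application publication number: US2016044061(A1) Application publication date: 2016.02.11
Application number: US201414521328 Filing date: 2014.10.22
Applicant: Forte Dario V. Inventor: Forte Dario V.
Classification number: H04L29/06;H04L12/24;G06F3/0484;G06F9/44 Main classification number: H04L29/06
Agency: Agent: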
Principal claim: 1. A method of visualizing and navigating cybersecurity information, comprising: displaying a hypertree on a display device of a computerized system, comprising a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges; displaying, through the computerized system, an interactive navigation aid to enable a user to navigate the hypertree; receiving at the computerized system a navigation command from the user through the interactive navigation aid; and modifying the displayed hypertree, by the computerized system, in response to the navigation command; wherein the navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
Address: Torre de Picenardi IT