Abstract
A computer-implemented method for determining whether a computer network is compromised by unauthorized activity on the computer network. The computer-implemented method comprises identifying a behavioral anomaly of an entity on the computer network, classifying the anomaly as a system event based on an assigned score for the anomaly being at least at a predetermined score threshold, updating an incident based on at least one common parameter between the system event and other system events which comprise the incident, each system event of the incident including an assigned score from when the event was an anomaly, updating a system status based on at least the incident, and assigning a system status score to the system status, and, determining whether the system status score is at least at a predetermined threshold system status score indicating that the computer network may be compromised.
Independent claim
1. A computer-implemented method for determining whether a computer network is compromised by unauthorized activity on the computer network, comprising:
identifying, by a computer system, a behavioral anomaly of an entity on the computer network;
classifying, by the computer system, the anomaly as a system event based on an assigned score for the anomaly being at least at a predetermined score threshold;
updating, by the computer system, an incident based on at least one common parameter between the system event and other system events which comprise the incident, each system event of the incident including an assigned score from when the event was an anomaly;
updating, by the computer system, a system status based on at least the incident, and assigning a system status score to the system status; and
determining, by the computer system, whether the system status score is at least at a predetermined threshold system status score indicating that the computer network may be compromised.
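The four-stage pipeline the claim describes (anomaly score vs. event threshold, events grouped into incidents by a common parameter, incident scores rolled into a system status score, status score vs. a second threshold), as an added illustration that is not the patent's own code. The thresholds, the choice of the entity as the common parameter, summing event scores per incident and taking the highest incident score as the system status score are all assumptions; the claim requires these steps to exist but does not fix how they are computed.

```python
from dataclasses import dataclass, field

EVENT_THRESHOLD = 50     # anomaly score needed to be classified as a system event
STATUS_THRESHOLD = 120   # system status score at which the network may be compromised

@dataclass
class Anomaly:
    entity: str   # host or user the anomaly was observed on
    kind: str
    score: int    # score assigned while the observation was still an anomaly

@dataclass
class Incident:
    entity: str                              # the common parameter events share
    events: list = field(default_factory=list)

    def score(self) -> int:
        # each event keeps the score it carried as an anomaly (summed here; assumed)
        return sum(e.score for e in self.events)

def classify_events(anomalies):
    """Anomalies whose score reaches the threshold become system events."""
    return [a for a in anomalies if a.score >= EVENT_THRESHOLD]

def update_incidents(incidents, events):
    """Add each event to the incident sharing its entity, creating one if needed."""
    for ev in events:
        incidents.setdefault(ev.entity, Incident(ev.entity)).events.append(ev)
    return incidents

def system_status_score(incidents) -> int:
    """System status score: the highest incident score (assumed aggregation)."""
    return max((inc.score() for inc in incidents.values()), default=0)

def network_compromised(anomalies) -> bool:
    incidents = update_incidents({}, classify_events(anomalies))
    return system_status_score(incidents) >= STATUS_THRESHOLD

# Constructed sample: host-a accumulates two scored events, host-b only one.
SAMPLE = [
    Anomaly("host-a", "login at unusual hour", 60),
    Anomaly("host-a", "new outbound destination", 70),
    Anomaly("host-a", "low-volume probe", 30),   # below threshold: never an event
    Anomaly("host-b", "large upload", 80),
]
```

Because `update_incidents` mutates and returns the incident map, it can be called repeatedly as new anomalies arrive, which is the "updating an incident" step of the claim rather than a one-shot batch evaluation.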