Detection of potential security threats based on categorical patterns

  • US 10,091,227 B2
  • Filed: 11/01/2016
  • Issued: 10/02/2018
  • Est. Priority Date: 07/25/2013
  • Status: Active Grant
First Claim

1. A method, comprising:

    organizing, by a computer system, raw machine data collected from one or more remote hardware devices, into a set of searchable time-stamped events, wherein the collected raw machine data is produced by one or more components in an information technology environment and reflects activity in the information technology environment, wherein each event in the set of searchable time-stamped events is searchable based on its associated time stamp;

    executing, by the computer system, a search to identify a subset of the set of searchable time-stamped events satisfying search criteria that include a time stamp and that identify security-related events derived from raw machine data collected from remote hardware devices, and that fall more than a threshold distance from a defined statistical measure of a security-related data population;

    while or after identifying the subset of the set of searchable time-stamped events, applying a schema, by the computer system, to the raw machine data included in each event in the subset of the set of time-stamped searchable events to impose structure on the raw machine data and to extract a set of values that relate to a particular category;

    identifying, by the computer system, based on the particular category, one or more patterns among the set of values;

    generating a multi-dimensional data object based on the one or more patterns;

    determining, by the computer system, that a pattern of the one or more patterns occurs outside of a normal occurrence and indicates that a security threat exists, by analyzing data corresponding to the multi-dimensional data object to determine that the pattern occurs outside of the normal occurrence; and

    causing, by the computer system, graphical display of information relating to the one or more patterns that occur outside of the normal occurrence, including display of the multi-dimensional data object.
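The steps of claim 1 walked through in code, as an added worked example. This is not Splunk's code and not the patented implementation; it is a small Python illustration that assumes constructed firewall-style syslog lines, one-minute buckets, "DENY" as the marker of a security-related event, a z-score of 2 as the "threshold distance" from the mean per-minute volume, a regular expression as the late-binding schema for a hypothetical "network" category, and a `Counter` keyed by `(src, dport, minute)` tuples as the multi-dimensional data object. The bucket size, the statistic, the `min_count` floor and all field names are assumptions of this example, not values from the patent.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed firewall-style syslog lines (hypothetical data, not from the patent).
RAW_LOG = """\
2023-07-25T10:00:05Z fw1 ALLOW src=10.0.0.5 dst=10.0.1.20 dport=443
2023-07-25T10:00:41Z fw1 ALLOW src=10.0.0.7 dst=10.0.1.20 dport=443
2023-07-25T10:01:12Z fw1 DENY src=10.0.0.5 dst=10.0.1.21 dport=22
2023-07-25T10:02:03Z fw1 ALLOW src=10.0.0.9 dst=10.0.1.20 dport=80
2023-07-25T10:03:17Z fw1 DENY src=203.0.113.9 dst=10.0.1.21 dport=22
2023-07-25T10:03:18Z fw1 DENY src=203.0.113.9 dst=10.0.1.22 dport=22
2023-07-25T10:03:19Z fw1 DENY src=203.0.113.9 dst=10.0.1.23 dport=22
2023-07-25T10:03:20Z fw1 DENY src=203.0.113.9 dst=10.0.1.24 dport=22
2023-07-25T10:03:21Z fw1 DENY src=203.0.113.9 dst=10.0.1.25 dport=3389
2023-07-25T10:04:02Z fw1 ALLOW src=10.0.0.5 dst=10.0.1.20 dport=443
2023-07-25T10:05:30Z fw1 DENY src=10.0.0.7 dst=10.0.1.21 dport=22
"""

# Late-binding schema (assumed "network" category): fields are extracted from
# _raw only when a search needs them, not at ingest time.
SCHEMA = {
    "network": re.compile(
        r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    ),
}


def organize(raw):
    """Step 1: turn raw machine data into time-stamped events. Only the time
    stamp is parsed; the rest of each line stays as _raw for schema-on-read."""
    events = []
    for line in raw.splitlines():
        ts, _, _ = line.partition(" ")
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"_time": t, "_raw": line})
    return sorted(events, key=lambda e: e["_time"])


def minute_of(e):
    return e["_time"].replace(second=0)


def search(events, start, end, marker="DENY", k=2.0):
    """Step 2: time-bounded search for security-related events (those carrying
    `marker`) in minutes whose volume lies more than k standard deviations above
    the mean per-minute volume of that population. Empty minutes count as zero
    so the population is a true rate series. Returns the outlier subset, the
    remaining related events (baseline) and the baseline minutes."""
    n = int((end - start) / timedelta(minutes=1))
    minutes = [start + timedelta(minutes=i) for i in range(n)]
    related = [e for e in events if start <= e["_time"] < end and marker in e["_raw"]]
    per_minute = Counter(minute_of(e) for e in related)
    counts = [per_minute.get(m, 0) for m in minutes]
    mean, sd = statistics.mean(counts), statistics.pstdev(counts)
    hot = {m for m in minutes if sd and (per_minute.get(m, 0) - mean) / sd > k}
    subset = [e for e in related if minute_of(e) in hot]
    baseline = [e for e in related if minute_of(e) not in hot]
    return subset, baseline, [m for m in minutes if m not in hot]


def apply_schema(events, category):
    """Step 3: apply one category's schema to each event's raw text and extract
    that category's values (done after the subset is identified)."""
    rx = SCHEMA[category]
    records = []
    for e in events:
        m = rx.search(e["_raw"])
        if m:
            records.append({**m.groupdict(), "minute": minute_of(e)})
    return records


def build_cube(records, dims=("src", "dport", "minute")):
    """Steps 4-5: count recurring value combinations along the chosen dimensions.
    The Counter keyed by dimension tuples is the multi-dimensional data object."""
    return Counter(tuple(r[d] for d in dims) for r in records)


def flag_abnormal(cube, baseline_cube, baseline_minutes, k=2.0, min_count=3):
    """Step 6: a pattern is outside its normal occurrence when its count in a hot
    minute exceeds mean + k*sd of its per-minute count over the baseline minutes.
    Caveat: with a sparse baseline any nonzero count is a formal outlier, so the
    assumed min_count floor stops one-off events from alerting on their own."""
    alerts = []
    for (src, dport, m), count in cube.items():
        history = [baseline_cube.get((src, dport, bm), 0) for bm in baseline_minutes]
        normal = (statistics.mean(history) + k * statistics.pstdev(history)) if history else 0.0
        if count >= min_count and count > normal:
            alerts.append({"src": src, "dport": dport, "minute": m.strftime("%H:%M"),
                           "count": count, "normal": round(normal, 2)})
    return alerts


def render(cube):
    """Step 7: plain-text stand-in for the graphical display of the data object."""
    rows = [f"{'src':>14} {'dport':>6} {'minute':>6} {'count':>5}"]
    for (src, dport, m), count in sorted(cube.items(), key=lambda kv: -kv[1]):
        rows.append(f"{src:>14} {dport:>6} {m.strftime('%H:%M'):>6} {count:>5}")
    return "\n".join(rows)


def run(raw=RAW_LOG, k=2.0):
    """Run steps 1-6 end to end; returns the data object and the alerts."""
    events = organize(raw)
    start = minute_of(events[0])
    end = minute_of(events[-1]) + timedelta(minutes=1)
    subset, baseline, baseline_minutes = search(events, start, end, k=k)
    cube = build_cube(apply_schema(subset, "network"))
    baseline_cube = build_cube(apply_schema(baseline, "network"))
    return cube, flag_abnormal(cube, baseline_cube, baseline_minutes, k=k)


if __name__ == "__main__":
    cube, alerts = run()
    print(render(cube))
    for a in alerts:
        print("ALERT:", a)
```

On the constructed data, the 10:03 minute carries five DENY events against a mean of about 1.2 per minute (z of about 2.2), so it is the only minute selected in step 2; applying the schema to that subset and counting `(src, dport, minute)` yields the pattern `203.0.113.9 -> port 22` four times, which has no history in the baseline minutes and is reported, while the single `3389` attempt stays below the `min_count` floor. Note that the first-stage statistic uses only time stamps, matching the claim's point that events are searchable by time stamp before any schema is applied.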

  • 1 Assignment