×

Interface providing an interactive timeline for evaluating instances of potential network compromise

  • US 10,193,901 B2
  • Filed: 10/30/2015
  • Issued: 01/29/2019
  • Est. Priority Date: 08/31/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • receiving event data generated by network activities of entities that interact with a computer network, wherein the event data comprises machine data, and the entities include at least one of computer users and devices in communication with the computer network;

    identifying instances of potential network compromise from the event data comprising threats based on one or more anomalies automatically triggered by detecting deviations from expected or permitted network activities, wherein each of the instances of potential network compromise is classified by type and associated with a time period of occurrence and an entity or entities that participated in the network activity that triggered the corresponding automated determination;

    causing display, in a graphical user interface, of an interactive graphic of data values indicating identified instances of potential network compromise occurring at time periods along a timeline, including graphical representations indicating a level of risk and the number of instances of network compromise occurring during a same time period;

    upon receiving a selection by a user, via the graphical user interface, of a time period from the timeline, causing display of a listing of each identified instance of potential network compromise occurring at the selected time period, the listing including the type of instance and each associated entity; and

    upon receiving a selection of a threat from the listing of instances of potential network compromise, causing display of a graphical representation of a relationship between the entities participating in the network activities that triggered the threat, wherein the display includes one or more lines that connect the entities whose participation together in a network activity triggered an anomaly, and upon receiving a selection of a line in the display, causing the type of the anomaly to be displayed.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×