Event views in data intake stage of machine data processing platform
First Claim
1. A method of enabling, on a computer platform, homogeneous access to event data, the method comprising:
receiving, by a computer platform, event data representing a plurality of events on a computer network, each of the events corresponding to at least one category of a plurality of event categories; and
automatically editing the event data of each of the plurality of events to associate each of the events with at least one of a plurality of distinct, predefined, non-graphical programming access interfaces, based on an event category to which the event belongs, wherein said automatically editing the event data includes adding, to the event data of each event, a view identifier that corresponds uniquely to a particular one of the plurality of programming access interfaces, such that each of the plurality of programming access interfaces is subscribable by each of a plurality of programmatic entities by designation of the corresponding view identifier, wherein each of the plurality of programming access interfaces is defined to include a number of fields and/or a number of methods, said fields and/or methods allowing a downstream programmatic entity, by designation of the view identifier of any of the programming access interfaces together with a field or a method of said programming access interface, to receive information about an event, wherein the information corresponds to the designated view identifier and to the designated field or method, wherein each of the plurality of programming access interfaces is configured to extract, for a designated field, a particular set of information from the event data and/or to generate, for a designated method, a particular set of information based on the event data.
Abstract
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is "big data" driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
27 Claims
1. A method of enabling, on a computer platform, homogeneous access to event data, the method comprising:
receiving, by a computer platform, event data representing a plurality of events on a computer network, each of the events corresponding to at least one category of a plurality of event categories; and automatically editing the event data of each of the plurality of events to associate each of the events with at least one of a plurality of distinct, predefined, non-graphical programming access interfaces, based on an event category to which the event belongs, wherein said automatically editing the event data includes adding, to the event data of each event, a view identifier that corresponds uniquely to a particular one of the plurality of programming access interfaces, such that each of the plurality of programming access interfaces is subscribable by each of a plurality of programmatic entities by designation of the corresponding view identifier, wherein each of the plurality of programming access interfaces is defined to include a number of fields and/or a number of methods, said fields and/or methods allowing a downstream programmatic entity, by designation of the view identifier of any of the programming access interfaces together with a field or a method of said programming access interface, to receive information about an event, wherein the information corresponds to the designated view identifier and to the designated field or method, wherein each of the plurality of programming access interfaces is configured to extract, for a designated field, a particular set of information from the event data and/or to generate, for a designated method, a particular set of information based on the event data.
(Dependent claims 2 through 23 depend on claim 1; their text is not shown on this page.)
24. A computer system comprising:
a communication device; and a processor configured to cause the computer system to: receive, from the communication device, event data representing a plurality of events on a computer network, each of the events corresponding to at least one category of a plurality of event categories; and automatically edit the event data of each of the plurality of events to associate each of the events with at least one of a plurality of distinct, predefined, non-graphical programming access interfaces, based on an event category to which the event belongs, wherein automatically editing the event data includes adding, to the event data of each event, a view identifier that corresponds uniquely to a particular one of the plurality of programming access interfaces, such that each of the plurality of programming access interfaces is subscribable by each of a plurality of programmatic entities by designation of the corresponding view identifier, wherein each of the plurality of programming access interfaces is defined to include a number of fields and/or a number of methods, said fields and/or methods allowing a downstream programmatic entity, by designation of the view identifier of any of the programming access interfaces together with a field or a method of said programming access interface, to receive information about an event, wherein the information corresponds to the designated view identifier and to the designated field or method, wherein each of the plurality of programming access interfaces is configured to extract, for a designated field, a particular set of information from the event data and/or to generate, for a designated method, a particular set of information based on the event data.
(Dependent claims 25 and 26 depend on claim 24; their text is not shown on this page.)
27. A non-transitory machine-readable storage medium for use in a processing system, the non-transitory machine-readable storage medium storing instructions, execution of which in the processing system causes the processing system to perform operations comprising:
receiving event data representing a plurality of events on a computer network, each of the events corresponding to at least one category of a plurality of event categories; and automatically editing the event data of each of the plurality of events to associate each of the events with at least one of a plurality of distinct, predefined, non-graphical programming access interfaces, based on an event category to which the event belongs, wherein said automatically editing the event data includes adding, to the event data of each event, a view identifier that corresponds uniquely to a particular one of the plurality of programming access interfaces, such that each of the plurality of programming access interfaces is subscribable by each of a plurality of programmatic entities by designation of the corresponding view identifier, wherein each of the plurality of programming access interfaces is defined to include a number of fields and/or a number of methods, said fields and/or methods allowing a downstream programmatic entity, by designation of the view identifier of any of the programming access interfaces together with a field or a method of said programming access interface, to receive information about an event, wherein the information corresponds to the designated view identifier and to the designated field or method, wherein each of the plurality of programming access interfaces is configured to extract, for a designated field, a particular set of information from the event data and/or to generate, for a designated method, a particular set of information based on the event data.
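The three independent claims describe one mechanism: at intake, every event is stamped with a view identifier chosen from its category; each view is a predefined, non-graphical interface exposing fields (values extracted from the event) and methods (values computed from the event); downstream consumers subscribe by view identifier and read by designating the view identifier plus a field or method name. The following is an added illustration of that mechanism in Python, written for this page; it is not code from the patent or its assignee. The view identifiers (`view:auth`, `view:netflow`), the category-to-view mapping, the field and method names, and the sample events are all assumptions made up for the example.

```python
"""Added illustration of event views at the intake stage.

Not the patent holder's code. View identifiers, fields, methods, the
category mapping and the sample events are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass
class EventView:
    """A non-graphical programming access interface for one event category.

    fields:  name -> extractor that pulls a value out of the event data
    methods: name -> function that derives a value from the event data
    """
    view_id: str
    fields: dict[str, Callable[[dict], Any]]
    methods: dict[str, Callable[[dict], Any]]


# Registry of predefined views keyed by their unique view identifier.
VIEW_REGISTRY: dict[str, EventView] = {}

# Assumed mapping from event category to the view that exposes it.
CATEGORY_TO_VIEW = {"auth": "view:auth", "network": "view:netflow"}


def register_view(view: EventView) -> None:
    """Install a view; identifiers must be unique so subscriptions are unambiguous."""
    if view.view_id in VIEW_REGISTRY:
        raise ValueError(f"duplicate view id {view.view_id!r}")
    VIEW_REGISTRY[view.view_id] = view


def _off_hours(ev: dict) -> bool:
    # Hour from an ISO-8601 UTC timestamp such as 2024-03-01T02:14:00Z.
    hour = int(ev["time"][11:13])
    return hour < 6 or hour >= 22


register_view(EventView(
    "view:auth",
    fields={"user": lambda ev: ev["user"],
            "src_ip": lambda ev: ev["src"],
            "outcome": lambda ev: ev["result"]},
    methods={"is_off_hours": _off_hours,
             "is_failure": lambda ev: ev["result"] != "success"},
))
register_view(EventView(
    "view:netflow",
    fields={"src_ip": lambda ev: ev["src"],
            "dst_ip": lambda ev: ev["dst"],
            "bytes": lambda ev: ev["bytes_out"] + ev["bytes_in"]},
    methods={"is_large_transfer": lambda ev: ev["bytes_out"] > 1_000_000},
))


def tag_with_view(event: dict) -> dict:
    """Intake step: edit the event data to add the view id for its category.

    An event whose category has no view is rejected rather than silently
    passed on untagged, so downstream consumers never see an unviewable event.
    """
    try:
        view_id = CATEGORY_TO_VIEW[event["category"]]
    except KeyError:
        raise ValueError(f"no view for category {event.get('category')!r}")
    tagged = dict(event)          # do not mutate the caller's copy
    tagged["view_id"] = view_id
    return tagged


def subscribe(events: list[dict], view_id: str) -> list[dict]:
    """A consumer subscribes by designating a view id and receives only those events."""
    return [ev for ev in events if ev.get("view_id") == view_id]


def access(event: dict, view_id: str, name: str) -> Any:
    """Downstream read: designate view id plus a field or method name.

    Fields extract data from the event; methods compute data from it. Reads
    through a view the event was not tagged with are refused.
    """
    if event.get("view_id") != view_id:
        raise LookupError(f"event is not exposed through {view_id!r}")
    view = VIEW_REGISTRY[view_id]
    if name in view.fields:
        return view.fields[name](event)
    if name in view.methods:
        return view.methods[name](event)
    raise AttributeError(f"{view_id!r} has no field or method {name!r}")


# Constructed sample events for the example (not real telemetry).
RAW_EVENTS = [
    {"category": "auth", "time": "2024-03-01T02:14:00Z", "user": "alice",
     "src": "10.0.0.5", "result": "failure"},
    {"category": "auth", "time": "2024-03-01T09:30:00Z", "user": "bob",
     "src": "10.0.0.9", "result": "success"},
    {"category": "network", "time": "2024-03-01T02:20:00Z", "src": "10.0.0.5",
     "dst": "203.0.113.7", "bytes_out": 5_000_000, "bytes_in": 1200},
]


def intake(raw_events: list[dict]) -> list[dict]:
    """The intake stage: tag every event with its view identifier."""
    return [tag_with_view(ev) for ev in raw_events]


def off_hours_failures(raw_events: list[dict]) -> list[str]:
    """Example consumer that knows only the auth view, never the raw schema."""
    tagged = intake(raw_events)
    return [access(ev, "view:auth", "user")
            for ev in subscribe(tagged, "view:auth")
            if access(ev, "view:auth", "is_failure")
            and access(ev, "view:auth", "is_off_hours")]


if __name__ == "__main__":
    print(off_hours_failures(RAW_EVENTS))
```

The point of the indirection is that the consumer (`off_hours_failures`) is written against the view's fields and methods, not against the raw record layout, so a change in the upstream log format only requires updating the extractors inside the view; the refusal in `access` when an event carries a different view id is what keeps the "homogeneous access" contract honest.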