
Graphical display of events indicating security threats in an information technology system

  • US 10,382,472 B2
  • Filed: 06/04/2018
  • Issued: 08/13/2019
  • Est. Priority Date: 07/31/2013
  • Status: Active Grant
First Claim

1. A method comprising:

    extracting, by a computer system, one or more values from each event in a plurality of time-stamped, searchable events, wherein the one or more values are extracted from a field present in raw machine data in each event, the machine data having been produced by one or more components of an information technology environment and indicative of activity in the information technology environment;

    identifying events, in the plurality of time-stamped, searchable events, for which an extracted value of the field satisfies a security criterion;

    defining, by the computer system, the identified events as an event group;

    creating, by the computer system, an event group summary for the event group, wherein the event group summary includes an indication of at least the field for which the extracted value satisfies the security criterion; and

    causing, by the computer system, display of a plurality of event group summaries, including the event group summary, each event group summary corresponding to a distinct event group, wherein the plurality of event group summaries are indicative of potential security threats in the information technology environment, such that each event group summary as displayed includes an indication of at least one field for which extracted values satisfy a particular security criterion for all events in the corresponding event group.
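The steps of the claim (extract a field value from raw machine data, test it against a security criterion, group the matching events, summarise each group for display) can be followed in a short Python illustration. This is an added example, not code from the patent or its assignee; the log lines, field names, criteria and the `summarize` function are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Constructed sample events: (timestamp, raw machine data). Not from the patent.
EVENTS = [
    ("2024-05-01T10:00:01Z", "sshd: Failed password for root from 203.0.113.7 port 4122"),
    ("2024-05-01T10:00:03Z", "sshd: Failed password for admin from 203.0.113.7 port 4123"),
    ("2024-05-01T10:00:09Z", "sshd: Accepted publickey for deploy from 198.51.100.4 port 5000"),
    ("2024-05-01T10:01:15Z", "fw: action=allow dst_port=443 src=198.51.100.4"),
    ("2024-05-01T10:01:20Z", "fw: action=deny dst_port=3389 src=203.0.113.7"),
    ("2024-05-01T10:01:22Z", "fw: action=deny dst_port=23 src=203.0.113.9"),
]

@dataclass(frozen=True)
class Criterion:
    name: str                     # label shown in the summary
    field: str                    # field whose extracted value is tested
    pattern: re.Pattern           # group 1 captures the field value in the raw data
    test: Callable[[str], bool]   # the security criterion applied to that value

# Hypothetical criteria, chosen only to exercise the sample events.
CRITERIA = [
    Criterion("failed login for privileged account", "user",
              re.compile(r"Failed password for (\S+)"), lambda v: v in {"root", "admin"}),
    Criterion("traffic to remote-admin port", "dst_port",
              re.compile(r"dst_port=(\d+)"), lambda v: int(v) in {23, 3389}),
]

def summarize(events, criteria):
    """Return one summary per non-empty event group, one group per criterion."""
    summaries = []
    for c in criteria:
        group = []
        for ts, raw in events:
            m = c.pattern.search(raw)            # extract the value from raw data
            if m and c.test(m.group(1)):         # value satisfies the criterion
                group.append((ts, m.group(1)))   # event joins this event group
        if group:
            summaries.append({
                "criterion": c.name, "field": c.field,
                "count": len(group), "values": sorted({v for _, v in group}),
                "first": min(t for t, _ in group), "last": max(t for t, _ in group),
            })
    return summaries

if __name__ == "__main__":
    for s in summarize(EVENTS, CRITERIA):
        print(s)
```

Each summary names the field whose extracted values satisfied the criterion for every event in its group, which is the property the final step of the claim requires of the displayed summaries.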
