Automated risk assessment based on machine generated investigation
First Claim
1. A method for monitoring network traffic using one or more network computers over one or more networks, wherein the execution of instructions by the one or more network computers perform the method comprising:
providing information that is associated with one or more anomalies that are associated with one or more users over one or more portions of the monitored network traffic;
annotating the provided information to include one or more attributes based on one or more metrics that are associated with the one or more portions of the monitored network traffic;
employing the annotated anomaly information to determine a communication channel that is separate from the monitored network traffic and associated with the one or more users;
determining one or more investigative agents based on the annotated anomaly information; and
providing a report based on an evaluation of investigative information provided by the one or more investigative agents.
6 Assignments
0 Petitions
Abstract
Embodiments are directed to monitoring network traffic using a network computer. The network computer provides anomaly information associated with anomalies that may be associated with monitored network traffic. An inference engine may determine the users associated with the anomalies based on the monitored network traffic. A communication channel associated with the users may be determined based on the anomalies and the monitored network traffic such that the communication channel may be separate from the monitored network traffic. The communication channel may be employed to provide investigative agents to the users. Investigative information may be collected from the investigative agents over the communication channel. The inference engine may provide a risk value that is associated with the anomalies based on the investigative information.
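The abstract describes a pipeline (anomaly annotation, out-of-band channel selection, investigative agent, risk value) without showing how the pieces fit. The following is an added illustration written for this page, not code from the patent or its assignee; the anomaly records, contact directory, thresholds, question text and score weights are all constructed assumptions.

```python
# Constructed anomaly records as a traffic monitor might emit them: user
# attribution inferred from the monitored traffic plus raw metrics.
ANOMALIES = [
    {"user": "alice", "kind": "bulk_upload", "bytes_out": 4_200_000_000, "hour": 3},
    {"user": "bob", "kind": "new_dest", "bytes_out": 120_000, "hour": 14},
]

# Constructed contact directory. The chosen channel must be separate from the
# monitored network, so SMS is preferred over corporate e-mail when available.
DIRECTORY = {
    "alice": {"email": "alice@corp.example", "sms": "+15550100"},
    "bob": {"email": "bob@corp.example"},
}

def annotate(anomaly, baseline_bytes=50_000_000):
    """Attach attributes derived from traffic metrics (hypothetical thresholds)."""
    attrs = []
    if anomaly["bytes_out"] > 20 * baseline_bytes:
        attrs.append("volume_outlier")
    if anomaly["hour"] < 6 or anomaly["hour"] > 22:
        attrs.append("off_hours")
    return {**anomaly, "attributes": attrs}

def select_channel(user):
    """Return (channel, address) preferring one not carried on the monitored network."""
    contacts = DIRECTORY.get(user, {})
    for channel in ("sms", "email"):
        if channel in contacts:
            return channel, contacts[channel]
    return None, None

def build_agent(annotated):
    """The investigative agent: the questions delivered to the user over the channel."""
    questions = [f"Did you initiate a '{annotated['kind']}' transfer?"]
    if "off_hours" in annotated["attributes"]:
        questions.append("Were you working at that time?")
    return questions

def risk_value(annotated, answers):
    """Combine attribute count with the user's replies; no reply raises the score."""
    score = 10 * len(annotated["attributes"])
    if answers is None:                 # no response within the window
        score += 40
    elif any(a == "no" for a in answers):
        score += 50                     # user denies the activity
    else:
        score -= 10                     # user confirms it was legitimate
    return max(0, min(100, score))
```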
21 Citations
28 Claims
1. A method for monitoring network traffic using one or more network computers over one or more networks, wherein the execution of instructions by the one or more network computers perform the method comprising:
providing information that is associated with one or more anomalies that are associated with one or more users over one or more portions of the monitored network traffic; annotating the provided information to include one or more attributes based on one or more metrics that are associated with the one or more portions of the monitored network traffic; employing the annotated anomaly information to determine a communication channel that is separate from the monitored network traffic and associated with the one or more users; determining one or more investigative agents based on the annotated anomaly information; and providing a report based on an evaluation of investigative information provided by the one or more investigative agents. (View Dependent Claims 2, 3, 4, 5, 6, 7)
8. A system for monitoring network traffic in one or more networks:
one or more network computers, comprising: a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including: providing information that is associated with one or more anomalies that are associated with one or more users over one or more portions of the monitored network traffic; annotating the provided information to include one or more attributes based on one or more metrics that are associated with the one or more portions of the monitored network traffic; employing the annotated anomaly information to determine a communication channel that is separate from the monitored network traffic and associated with the one or more users; determining one or more investigative agents based on the annotated anomaly information; and providing a report based on an evaluation of investigative information provided by the one or more investigative agents; and one or more client computers, comprising: a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including: providing one or more of the one or more portions of the monitored network traffic. (View Dependent Claims 9, 10, 11, 12, 13, 14)
15. A network computer for monitoring network traffic in one or more networks, comprising:
a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including: providing information that is associated with one or more anomalies that are associated with one or more users over one or more portions of the monitored network traffic; annotating the provided information to include one or more attributes based on one or more metrics that are associated with the one or more portions of the monitored network traffic; employing the annotated anomaly information to determine a communication channel that is separate from the monitored network traffic and associated with the one or more users; determining one or more investigative agents based on the annotated anomaly information; and providing a report based on an evaluation of investigative information provided by the one or more investigative agents. (View Dependent Claims 16, 17, 18, 19, 20, 21)
22. A processor readable non-transitory storage media that includes instructions for monitoring network traffic over one or more networks using one or more network monitoring computers, wherein execution of the instructions by the one or more network computers perform the method comprising:
providing information that is associated with one or more anomalies that are associated with one or more users over one or more portions of the monitored network traffic; annotating the provided information to include one or more attributes based on one or more metrics that are associated with the one or more portions of the monitored network traffic; employing the annotated anomaly information to determine a communication channel that is separate from the monitored network traffic and associated with the one or more users; determining one or more investigative agents based on the annotated anomaly information; and providing a report based on an evaluation of investigative information provided by the one or more investigative agents. (View Dependent Claims 23, 24, 25, 26, 27, 28)
Specification