Anomaly detection in enterprise threat detection
Abstract
A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed into the 2D coordinate system and defined by the values of each evaluation associated with the entity.
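The abstract does not say how the polygon is constructed or what the third coordinate is. As an added illustration (not code from the patent), the sketch below assumes a radar-chart layout with one equally spaced axis per evaluation and uses the polygon area as z; the entity names and scores are constructed.

```python
import math

# Constructed sample: four normalized evaluation scores per entity (assumption).
SCORES = {
    "host-a": [0.5, 0.5, 0.5, 0.5],   # evenly elevated across all evaluations
    "host-b": [1.0, 0.2, 0.2, 0.2],   # one evaluation dominates
}

def radar_polygon(scores):
    """Place n scores on n equally spaced axes (assumed polygon layout)."""
    n = len(scores)
    if n < 3:
        raise ValueError("need at least three evaluations to form a polygon")
    if any(s < 0 for s in scores):
        raise ValueError("scores must be non-negative")
    return [(s * math.cos(2 * math.pi * i / n), s * math.sin(2 * math.pi * i / n))
            for i, s in enumerate(scores)]

def area_and_centroid(vertices):
    """Shoelace formula: area and centroid of the polygon's enclosed region."""
    a = cx = cy = 0.0
    for (x0, y0), (x1, y1) in zip(vertices, vertices[1:] + vertices[:1]):
        cross = x0 * y1 - x1 * y0
        a += cross
        cx += (x0 + x1) * cross
        cy += (y0 + y1) * cross
    a *= 0.5
    if abs(a) < 1e-12:                # degenerate polygon: nothing to localize
        return 0.0, (0.0, 0.0)
    return abs(a), (cx / (6 * a), cy / (6 * a))

def entity_point(scores):
    """3D point for one entity: centroid (x, y), area as z (assumption)."""
    area, (cx, cy) = area_and_centroid(radar_polygon(scores))
    return (cx, cy, area)

if __name__ == "__main__":
    for name, scores in SCORES.items():
        x, y, z = entity_point(scores)
        print(f"{name}: x={x:.3f} y={y:.3f} z={z:.3f}")
```

Under these assumptions an entity with evenly spread scores sits on the origin and only its area changes, while an entity dominated by one evaluation is pulled toward that evaluation's axis.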
15 Claims
1. A computer-implemented method, comprising:
- defining a selection of data types from available log data for an evaluation of events associated with an entity;
- defining one or more evaluations associated with the entity;
- generating reference data from the selection of data types based on the one or more defined evaluations;
- grouping the one or more evaluations into a pattern;
- defining a polygon for the entity based on values of one or more evaluations associated with the entity;
- defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
- initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.

Dependent claims: 2, 3, 4, 5
6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- defining a selection of data types from available log data for an evaluation of events associated with an entity;
- defining one or more evaluations associated with the entity;
- generating reference data from the selection of data types based on the one or more defined evaluations;
- grouping the one or more evaluations into a pattern;
- defining a polygon for the entity based on values of one or more evaluations associated with the entity;
- defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
- initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.

Dependent claims: 7, 8, 9, 10
11. A computer-implemented system, comprising:
- a computer memory; and
- a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising:
- defining a selection of data types from available log data for an evaluation of events associated with an entity;
- defining one or more evaluations associated with the entity;
- generating reference data from the selection of data types based on the one or more defined evaluations;
- grouping the one or more evaluations into a pattern;
- defining a polygon for the entity based on values of one or more evaluations associated with the entity;
- defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
- initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.

Dependent claims: 12, 13, 14, 15
Specification