Risk monitoring system
First Claim
1. A computer-implemented method, comprising:
displaying a representation of one or more risk objects and one or more logical operators via a user interface (UI), wherein each risk object of the one or more risk objects has a corresponding stored risk definition, the stored risk definition associating the risk object with raw machine data pertaining to the risk object, the raw machine data reflecting activity in an information technology (IT) environment;
receiving, via the UI, selections of a first risk object and a second risk object included in the one or more risk objects, the first risk object having a corresponding stored first risk definition and the second risk object having a corresponding stored second risk definition;
receiving, via the UI, a selection of a first logical operator included in the one or more logical operators, wherein the first logical operator defines a relationship between the first risk object and the second risk object;
in response to receiving the selections of the first risk object, the second risk object, and the first logical operator via the UI, including the first risk object, the second risk object, and the first logical operator in an object group that specifies a search of the raw machine data;
performing the search of the raw machine data according to the object group by receiving the first risk definition that corresponds to the first risk object and the second risk definition that corresponds to the second risk object, wherein a risk is identified based on the search of the raw machine data; and
performing an action based on identifying the risk.
1 Assignment
0 Petitions
Abstract
Various embodiments of the present invention set forth techniques for monitoring risk in a computing system. The technique includes creating one or more risk objects, where each risk object of the one or more risk objects has a corresponding stored risk definition, the stored risk definition associating the risk object with raw machine data pertaining to the risk object, the raw machine data reflecting activity in an information technology (IT) environment. The technique further includes receiving a selection of a first risk object included in the one or more risk objects and receiving a first risk definition that corresponds to the first risk object. The technique further includes performing a search of the raw machine data according to the first risk definition, wherein a risk is identified based on the search of the raw machine data and performing an action based on identifying the risk.
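The claimed search can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee: a RiskObject holds a stored definition (a search over parsed raw machine data that returns the set of entities exhibiting the risk), an ObjectGroup joins two operands with a logical operator (AND, OR, AND NOT) and is itself searchable so groups nest, and perform_action stands in for the claimed action. The log format, field names, thresholds, BASELINE_GEO and ADMIN_USERS are assumptions made for the illustration, and the machine data is constructed.

```python
# Added example, not the patent's own implementation: models claim 1's
# risk objects, logical operators and object groups as a small Python
# search over constructed machine-data lines.  Every name below
# (RiskObject, ObjectGroup, the log format, BASELINE_GEO, ADMIN_USERS)
# is an assumption made for this illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Union

Event = Dict[str, str]

# Constructed raw machine data: one authentication event per line,
# "<timestamp> <source> key=value ...".  Not taken from any real system.
RAW_MACHINE_DATA = """\
2024-05-01T10:00:01Z auth user=alice result=fail src=203.0.113.7 geo=RO
2024-05-01T10:00:04Z auth user=alice result=fail src=203.0.113.7 geo=RO
2024-05-01T10:00:09Z auth user=alice result=fail src=203.0.113.7 geo=RO
2024-05-01T10:00:15Z auth user=alice result=ok src=203.0.113.7 geo=RO
2024-05-01T10:01:00Z auth user=bob result=fail src=198.51.100.2 geo=US
2024-05-01T10:01:30Z auth user=carol result=ok src=198.51.100.9 geo=US
2024-05-01T10:02:00Z auth user=dave result=fail src=198.51.100.4 geo=US
2024-05-01T10:02:03Z auth user=dave result=fail src=198.51.100.4 geo=US
2024-05-01T10:02:07Z auth user=dave result=fail src=198.51.100.4 geo=US
"""

BASELINE_GEO = {"US"}            # assumed "expected" login countries
ADMIN_USERS = {"carol", "dave"}  # assumed privileged accounts


def parse_events(raw: str) -> List[Event]:
    """Turn raw lines into dicts; malformed lines are skipped, not fatal."""
    events: List[Event] = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ev: Event = {"ts": parts[0], "source": parts[1]}
        for kv in parts[2:]:
            if "=" in kv:
                k, v = kv.split("=", 1)
                ev[k] = v
        events.append(ev)
    return events


@dataclass(frozen=True)
class RiskObject:
    """A risk object: its stored definition is a search over raw events
    that yields the set of entities (here: usernames) exhibiting the risk."""
    name: str
    definition: Callable[[List[Event]], Set[str]]

    def search(self, events: List[Event]) -> Set[str]:
        return self.definition(events)


@dataclass(frozen=True)
class ObjectGroup:
    """Two operands joined by a logical operator.  A group is itself
    searchable, so groups can nest to build larger expressions."""
    left: "Operand"
    operator: str   # "AND", "OR" or "AND NOT"
    right: "Operand"

    def search(self, events: List[Event]) -> Set[str]:
        l, r = self.left.search(events), self.right.search(events)
        if self.operator == "AND":
            return l & r
        if self.operator == "OR":
            return l | r
        if self.operator == "AND NOT":
            return l - r
        # Fail loudly: an unknown operator must not look like "no risk found".
        raise ValueError(f"unknown logical operator: {self.operator!r}")


Operand = Union[RiskObject, ObjectGroup]


# Three stored risk definitions (assumed thresholds and lists).
def failed_burst(events: List[Event], threshold: int = 3) -> Set[str]:
    counts: Dict[str, int] = {}
    for e in events:
        if e.get("result") == "fail" and "user" in e:
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return {u for u, n in counts.items() if n >= threshold}


def foreign_geo(events: List[Event]) -> Set[str]:
    return {e["user"] for e in events
            if "user" in e and e.get("geo") not in BASELINE_GEO}


def is_admin(events: List[Event]) -> Set[str]:
    return {e["user"] for e in events if e.get("user") in ADMIN_USERS}


FAILED_BURST = RiskObject("failed_auth_burst", failed_burst)
FOREIGN_GEO = RiskObject("login_from_unexpected_geo", foreign_geo)
ADMIN = RiskObject("privileged_account", is_admin)


def identify_risk(group: Operand, raw: str) -> Set[str]:
    """Run the search the object group specifies over the raw machine data."""
    return group.search(parse_events(raw))


def perform_action(group_name: str, entities: Set[str]) -> List[Dict[str, str]]:
    """The claimed 'action': here, emit one alert record per risky entity."""
    return [{"alert": group_name, "entity": u, "severity": "high"}
            for u in sorted(entities)]


if __name__ == "__main__":
    # Object group built from two selected risk objects and one operator.
    group = ObjectGroup(FAILED_BURST, "AND", FOREIGN_GEO)
    risky = identify_risk(group, RAW_MACHINE_DATA)
    for alert in perform_action("burst_and_foreign_geo", risky):
        print(alert)
```

Modelling a definition as the set of risky entities rather than as a per-event predicate is what makes AND meaningful across different event types: the two risk objects correlate on the entity key (here the username) rather than on a single log line. The operator check raises on an unknown operator instead of returning an empty set, so a mis-built group cannot pass as "no risk found".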
27 Claims
1. (Independent claim; text reproduced above under First Claim. Dependent claims 2-16 depend from it.)
17. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of:
displaying a representation of one or more risk objects and one or more logical operators via a user interface (UI), wherein each risk object of the one or more risk objects has a corresponding stored risk definition, the stored risk definition associating the risk object with raw machine data pertaining to the risk object, the raw machine data reflecting activity in an information technology (IT) environment;
receiving, via the UI, selections of a first risk object and a second risk object included in the one or more risk objects, the first risk object having a corresponding stored first risk definition and the second risk object having a corresponding stored second risk definition;
receiving, via the UI, a selection of a first logical operator included in the one or more logical operators, wherein the first logical operator defines a relationship between the first risk object and the second risk object;
in response to receiving the selections of the first risk object, the second risk object, and the first logical operator via the UI, including the first risk object, the second risk object, and the first logical operator in an object group that specifies a search of the raw machine data;
performing the search of the raw machine data according to the object group by receiving the first risk definition that corresponds to the first risk object and the second risk definition that corresponds to the second risk object, wherein a risk is identified based on the search of the raw machine data; and
performing an action based on identifying the risk.
(Dependent claims 18-22 depend from claim 17.)
23. A computing device, comprising:
a memory that includes instructions; and
a processor that is coupled to the memory and, when executing the instructions, is configured to:
display a representation of one or more risk objects and one or more logical operators via a user interface (UI), wherein each risk object of the one or more risk objects has a corresponding stored risk definition, the stored risk definition associating the risk object with raw machine data pertaining to the risk object, the raw machine data reflecting activity in an information technology (IT) environment;
receive, via the UI, selections of a first risk object and a second risk object included in the one or more risk objects, the first risk object having a corresponding stored first risk definition and the second risk object having a corresponding stored second risk definition;
receive, via the UI, a selection of a first logical operator included in the one or more logical operators, wherein the first logical operator defines a relationship between the first risk object and the second risk object;
in response to receiving the selections of the first risk object, the second risk object, and the first logical operator via the UI, include the first risk object, the second risk object, and the first logical operator in an object group that specifies a search of the raw machine data;
perform the search of the raw machine data according to the object group by receiving the first risk definition that corresponds to the first risk object and the second risk definition that corresponds to the second risk object, wherein a risk is identified based on the search of the raw machine data; and
perform an action based on identifying the risk.
(Dependent claims 24-27 depend from claim 23.)