
Interface providing an interactive trendline for a detected threat to facilitate evaluation for false positives

  • US 10,666,668 B2
  • Filed: 01/28/2019
  • Issued: 05/26/2020
  • Est. Priority Date: 08/31/2015
  • Status: Active Grant
First Claim

1. A method comprising:

    receiving event data generated by network activities of entities that interact with a computer network, wherein the event data comprises machine data, and the entities include computer users and/or devices in communication with the network;

    based upon the received event data as it is received, (i) automatically detecting anomalies indicating deviations from expected or permitted network activities, wherein each anomaly is classified by type and is associated with an entity or entities that participated in network activities and a date at which the detected anomaly occurred, and (ii) automatically detecting threats based upon at least one of a number, type, or timing of detected anomalies, and generating a listing of detected threats as pending threats against the computer network;

    upon receiving a user-selection of a detected threat, causing display, in a graphical user interface, of an interactive trendline, which indicates changes to the number of the occurrences of anomalies as a function of dates along the trendline to enable a user to visually depict a trend of the occurrences of the anomalies associated with the threat; and

    upon receiving a user-selection, via the graphical user interface, to resolve the detected threat as a false positive, deleting the threat from the listing of pending threats.
