Analysis of complex relationships among information technology security-relevant entities using a network graph
First Claim
1. A computer-implemented method, comprising:
- selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
- selecting a filter from one or more filters defined for an ETD Network Graph;
- fetching Events from the selected one or more log files based on the selected filter;
- identifying entities based on the fetched Events;
- determining relationships between the identified entities;
- enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
- displaying the determined relationships and identified entities in the ETD Network Graph;
- selecting an identified entity to filter data in the ETD Event Series Chart;
- selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
- selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
1 Assignment
0 Petitions
Abstract
A filter is selected from one or more filters defined for an ETD Network Graph. Events are fetched from the selected log files based on the selected filter and entities identified based on the fetched Events. Relationships are determined between the identified entities, and the determined relationships and identified entities are displayed in the ETD Network Graph. An identified entity is selected to filter data in an ETD Event Series Chart. An Event is selected in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog. An Event Attribute is selected in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
205 Citations
15 Claims
1. A computer-implemented method, comprising: the steps given in full under First Claim above. Dependent claims: 2, 3, 4, 5.

6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
- selecting a filter from one or more filters defined for an ETD Network Graph;
- fetching Events from the selected one or more log files based on the selected filter;
- identifying entities based on the fetched Events;
- determining relationships between the identified entities;
- enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
- displaying the determined relationships and identified entities in the ETD Network Graph;
- selecting an identified entity to filter data in the ETD Event Series Chart;
- selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
- selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
Dependent claims: 7, 8, 9, 10.

11. A computer-implemented system, comprising:
- one or more computers; and
- one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising:
  - selecting one or more log files containing Events associated with one or more entities for Enterprise Threat Detection (ETD) analysis;
  - selecting a filter from one or more filters defined for an ETD Network Graph;
  - fetching Events from the selected one or more log files based on the selected filter;
  - identifying entities based on the fetched Events;
  - determining relationships between the identified entities;
  - enabling tooltip functionality for Attribute values associated with one or more Events displayed in an ETD Event Series Chart and one or more displayed graphical elements in the ETD Network Graph;
  - displaying the determined relationships and identified entities in the ETD Network Graph;
  - selecting an identified entity to filter data in the ETD Event Series Chart;
  - selecting an Event in the ETD Event Series Chart to display Event Attributes in an Event Attribute Dialog; and
  - selecting an Event Attribute in the Event Attribute Dialog to filter Events in the ETD Event Series Chart.
Dependent claims: 12, 13, 14, 15.
Specification