
Anomaly detection based on information technology environment topology

  • US 10,693,900 B2
  • Filed: 01/17/2019
  • Issued: 06/23/2020
  • Est. Priority Date: 01/30/2017
  • Status: Active Grant
First Claim

1. A computer implemented method comprising:

  • accessing a set of events associated with activity by a plurality of entities in an information technology (IT) environment, wherein each event in the set of events includes a portion of raw machine data that reflects activity in the IT environment and that is produced by a component of the IT environment, wherein each event is associated with a timestamp extracted from the raw machine data;

    determining a topology of the IT environment by processing at least some of the accessed set of events;

    generating an entity relationship graph based on the topology of the IT environment;

    wherein the entity relationship graph includes:

    a plurality of nodes representative of the plurality of entities in the IT environment; and

    edges connecting the plurality of nodes, the edges representing relationships and activity between entities represented by the plurality of nodes;

    wherein each edge includes a directionality that indicates a normal flow of communication between the entities represented by the nodes connected to the edge; and

    monitoring the entity relationship graph to detect an anomaly.
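
The steps of the claim can be illustrated with a small sketch. This is an added example, not code from the patent or from any product that implements it. The `src=`/`dst=` log format, the function names, and the choice to treat the direction seen in a baseline window as the "normal flow" are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events: raw machine data lines with a leading timestamp.
BASELINE = [
    "2019-01-17T10:00:01Z src=ws-01 dst=app-01 action=connect",
    "2019-01-17T10:00:05Z src=ws-02 dst=app-01 action=connect",
    "2019-01-17T10:00:09Z src=app-01 dst=db-01 action=query",
]
OBSERVED = [
    "2019-01-17T11:00:00Z src=ws-01 dst=app-01 action=connect",
    "2019-01-17T11:00:03Z src=db-01 dst=app-01 action=connect",
    "2019-01-17T11:00:07Z src=ws-02 dst=db-01 action=query",
    "2019-01-17T11:00:09Z src=ws-01 dst=ext-99 action=connect",
    "malformed line without fields",
]
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")

def parse_event(raw):
    """Extract (timestamp, source entity, destination entity) or None."""
    m = LINE_RE.match(raw)
    return (m["ts"], m["src"], m["dst"]) if m else None

def build_graph(raw_events):
    """Topology as directed edges: (src, dst) -> times observed."""
    edges = defaultdict(int)
    for raw in raw_events:
        ev = parse_event(raw)
        if ev:
            edges[(ev[1], ev[2])] += 1
    return dict(edges)

def detect_anomalies(graph, raw_events):
    """Flag events whose edge is absent from, or reversed in, the graph."""
    nodes = {n for edge in graph for n in edge}
    findings = []
    for raw in raw_events:
        ev = parse_event(raw)
        if ev is None or (ev[1], ev[2]) in graph:
            continue  # unparseable, or matches the normal flow
        ts, src, dst = ev
        if (dst, src) in graph:
            reason = "reversed_direction"
        elif src not in nodes or dst not in nodes:
            reason = "unknown_entity"
        else:
            reason = "new_relationship"
        findings.append((ts, src, dst, reason))
    return findings

if __name__ == "__main__":
    for finding in detect_anomalies(build_graph(BASELINE), OBSERVED):
        print(finding)
```
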
