BLACKLISTING AND WHITELISTING OF SECURITY-RELATED EVENTS
First Claim
1. A method, comprising:
creating an event group from a plurality of events, each event in the event group matching criteria relating to one or more fields;
determining an event group summary, the summary summarizing one or more fields of the events in the event group;
displaying a plurality of event group summaries including the event group summary;
based on user input, placing a selected event group summary on a whitelist or a blacklist, wherein placing the selected event group summary on the whitelist removes the selected event group summary from the displayed plurality of event group summaries, and wherein placing the selected event group summary on the blacklist changes a visual appearance of the selected event group summary among the displayed plurality of event group summaries.
1 Assignment
0 Petitions
Abstract
A disclosed computer-implemented method includes receiving raw data and indexing it. Indexing divides the raw data into time-stamped, searchable events that include information relating to computer or network security. The indexed data is stored in an indexed data store, and values are extracted from a field in the indexed data using a schema. The extracted field values are searched for the security information, and a group of security events is determined using that information; each security event in the group includes a field value specified by a criterion. A graphical interface (GI) is presented that includes a summary of the group of security events, other summaries of security events, and a remove element associated with the summary. Input corresponding to an interaction with the remove element is received; interacting with the remove element causes the summary to be removed from the GI, and the GI is updated to remove the summary.
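The following Python sketch is an added illustration of the pipeline the abstract and the independent claims describe; it is not code from the patent or its assignee. It indexes constructed raw lines into time-stamped events, extracts fields with a schema, groups events whose criteria fields match, builds one summary per group, and then lets a reviewer whitelist a summary (it disappears from the display) or blacklist it (it stays displayed but is rendered differently). The `key=value` log format, the regex schema, the field names `src`/`dst`/`sig`, the sample lines and the class and function names are all constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample raw lines in a hypothetical "key=value" alert format.
# The last line deliberately lacks a signature: it is indexed but never grouped.
RAW_LINES = [
    "2024-01-01T10:00:01Z alert src=10.0.0.5 dst=10.0.0.9 sig=port_scan",
    "2024-01-01T10:00:05Z alert src=10.0.0.5 dst=10.0.0.10 sig=port_scan",
    "2024-01-01T10:00:09Z alert src=10.0.0.5 dst=10.0.0.11 sig=port_scan",
    "2024-01-01T10:01:00Z alert src=10.0.0.7 dst=10.0.0.9 sig=brute_force",
    "2024-01-01T10:01:30Z alert src=10.0.0.7 dst=10.0.0.9 sig=brute_force",
    "2024-01-01T10:02:00Z alert src=10.0.0.8 dst=10.0.0.20 sig=malware_beacon",
    "2024-01-01T10:02:30Z info src=10.0.0.8 dst=10.0.0.20",
]

# Hypothetical schema: field name -> regex applied to the raw event at extraction time.
SCHEMA = {"src": r"\bsrc=(\S+)", "dst": r"\bdst=(\S+)", "sig": r"\bsig=(\S+)"}


def index_raw(raw_lines):
    """Divide raw data into time-stamped searchable events (timestamp is the first token)."""
    events = []
    for line in raw_lines:
        ts, _, _ = line.partition(" ")
        events.append({"_time": ts, "_raw": line})
    return events


def extract_fields(events, schema):
    """Extract field values from each indexed event using the schema; missing fields stay absent."""
    for ev in events:
        for name, pattern in schema.items():
            m = re.search(pattern, ev["_raw"])
            if m:
                ev[name] = m.group(1)
    return events


def group_events(events, criteria_fields):
    """Group events whose criteria fields are all present, keyed by those field values."""
    groups = defaultdict(list)
    for ev in events:
        if all(f in ev for f in criteria_fields):
            groups[tuple(ev[f] for f in criteria_fields)].append(ev)
    return groups


@dataclass
class Summary:
    key: tuple             # values of the criteria fields shared by the group
    count: int
    first_seen: str
    last_seen: str
    distinct: dict         # summarized field -> sorted distinct values
    flagged: bool = False  # blacklisted: still displayed, rendered differently


def summarize(groups, summary_fields):
    """Build one event group summary per group."""
    summaries = []
    for key, evs in groups.items():
        times = sorted(ev["_time"] for ev in evs)
        distinct = {f: sorted({ev[f] for ev in evs if f in ev}) for f in summary_fields}
        summaries.append(Summary(key, len(evs), times[0], times[-1], distinct))
    return summaries


class ReviewList:
    """Displayed summaries plus the reviewer's whitelist (hide) and blacklist (highlight)."""

    def __init__(self, summaries):
        self.summaries = {s.key: s for s in summaries}
        self.whitelist = set()
        self.blacklist = set()

    def whitelist_key(self, key):
        # Whitelisting removes the summary from display; a key is never on both lists.
        self.blacklist.discard(key)
        self.whitelist.add(key)

    def blacklist_key(self, key):
        # Blacklisting keeps the summary displayed but changes its appearance.
        self.whitelist.discard(key)
        self.blacklist.add(key)

    def displayed(self):
        shown = []
        for key, s in self.summaries.items():
            if key in self.whitelist:
                continue
            s.flagged = key in self.blacklist
            shown.append(s)
        return shown

    def render(self):
        """Text stand-in for the graphical interface: blacklisted rows get a '!!' marker."""
        return [f"{'!! ' if s.flagged else '   '}{'/'.join(s.key)} n={s.count} "
                f"{s.first_seen}..{s.last_seen} {s.distinct}" for s in self.displayed()]


def run_demo():
    events = extract_fields(index_raw(RAW_LINES), SCHEMA)
    groups = group_events(events, ("src", "sig"))
    review = ReviewList(summarize(groups, ("dst",)))
    review.whitelist_key(("10.0.0.5", "port_scan"))    # e.g. an approved internal scanner
    review.blacklist_key(("10.0.0.7", "brute_force"))  # keep visible, but highlighted
    return review


if __name__ == "__main__":
    for row in run_demo().render():
        print(row)
```

Keeping the whitelist and blacklist as sets of group keys, rather than mutating the summaries themselves, means the same lists can be applied to the next batch of summaries built from newer events, and making the two lists mutually exclusive avoids a summary that is simultaneously hidden and highlighted.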
37 Citations
27 Claims
1. A method, comprising:
creating an event group from a plurality of events, each event in the event group matching criteria relating to one or more fields;
determining an event group summary, the summary summarizing one or more fields of the events in the event group;
displaying a plurality of event group summaries including the event group summary;
based on user input, placing a selected event group summary on a whitelist or a blacklist, wherein placing the selected event group summary on the whitelist removes the selected event group summary from the displayed plurality of event group summaries, and wherein placing the selected event group summary on the blacklist changes a visual appearance of the selected event group summary among the displayed plurality of event group summaries.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus, comprising:
a subsystem, implemented at least partially in hardware, that creates an event group from a plurality of events, each event in the event group matching criteria relating to one or more fields;
a subsystem, implemented at least partially in hardware, that determines an event group summary, the summary summarizing one or more fields of the events in the event group;
a subsystem, implemented at least partially in hardware, that displays a plurality of event group summaries including the event group summary;
a list subsystem, implemented at least partially in hardware, that, based on user input, places a selected event group summary on a whitelist or a blacklist, wherein when the list subsystem places the selected event group summary on the whitelist the list subsystem removes the selected event group summary from the displayed plurality of event group summaries, and wherein when the list subsystem places the selected event group summary on the blacklist the list subsystem changes a visual appearance of the selected event group summary among the displayed plurality of event group summaries.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer readable medium, storing software instructions, which when executed by one or more processors cause performance of:
creating an event group from a plurality of events, each event in the event group matching criteria relating to one or more fields;
determining an event group summary, the summary summarizing one or more fields of the events in the event group;
displaying a plurality of event group summaries including the event group summary;
based on user input, placing a selected event group summary on a whitelist or a blacklist, wherein placing the selected event group summary on the whitelist removes the selected event group summary from the displayed plurality of event group summaries, and wherein placing the selected event group summary on the blacklist changes a visual appearance of the selected event group summary among the displayed plurality of event group summaries.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
Specification