METHOD AND SYSTEM FOR AUTOMATED CYBERSECURITY INCIDENT AND ARTIFACT VISUALIZATION AND CORRELATION FOR SECURITY OPERATION CENTERS AND COMPUTER EMERGENCY RESPONSE TEAMS
First Claim
1. A method of visualizing and navigating cybersecurity information, comprising:
- displaying a hypertree on a display device of a computerized system, comprising a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges;
displaying, through the computerized system, an interactive navigation aid to enable a user to navigate the hypertree;
receiving at the computerized system a navigation command from the user through the interactive navigation aid; and
modifying the displayed hyerptree, by the computerized system, in response to the navigation command;
wherein the navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
6 Assignments
0 Petitions
Accused Products
Abstract
A method and system is provided for visualizing and navigating cybersecurity information. A hypertree is displayed on a display device of a computerized system. The hypertree includes a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges. The computerized system displays an interactive navigation aid to enable a user to navigate the hypertree, and receives a navigation command from the user through the interactive navigation aid. The computerized system modifies the displayed hyerptree in response to the navigation command. The navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
34 Citations
18 Claims
-
1. A method of visualizing and navigating cybersecurity information, comprising:
-
displaying a hypertree on a display device of a computerized system, comprising a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges; displaying, through the computerized system, an interactive navigation aid to enable a user to navigate the hypertree; receiving at the computerized system a navigation command from the user through the interactive navigation aid; and modifying the displayed hyerptree, by the computerized system, in response to the navigation command; wherein the navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus for visualizing and navigating cybersecurity information, comprising
a computerized processing system; - and
a visual display system; wherein the computerized processing system is programmed to display on the visual display system a hypertree comprising a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges; to display on the visual display system an interactive navigation aid to enable a user to navigate the hypertree; to receive a navigation command from the user through the interactive navigation aid; and to modify the displayed hyerptree, by the computerized system, in response to the navigation command; wherein the navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
- and
-
18. A computer-readable, non-transitory, tangible medium comprising software that, when executed by a processor, causes the processor to perform a method of visualizing and navigating cybersecurity information, comprising:
-
displaying a hypertree on a display device of a computerized system, comprising a plurality of nodes linked by edges, one or more of the nodes representing cybersecurity incidents, and one or more of the nodes representing elements or artifacts of cybersecurity incidents, the edges representing a specific relationship between the nodes linked by the edges; displaying, through the computerized system, an interactive navigation aid to enable a user to navigate the hypertree; receiving at the computerized system a navigation command from the user through the interactive navigation aid; and modifying the displayed hyerptree, by the computerized system, in response to the navigation command; wherein the navigation command comprises selective elimination or restoration of edges or nodes on the hypertree so as to enable the user to readily visualize interrelationships between the displayed nodes that are significant to a cybersecurity investigation or response.
-
Specification