PRESENTATION OF THREAT HISTORY ASSOCIATED WITH NETWORK ACTIVITY
First Claim
1. A method comprising:
- maintaining, by a computing device, threat information in a database comprising one or more of firewall logs and historical threat logs;
- receiving information regarding a plurality of threat filtering parameters, by the computing device, wherein the information includes one or more of types of threats to be extracted from the database, parameters of the threats, network-level details of the threats, a time interval of detection of the threats and source-destination details of the threats;
- extracting, by the computing device, information regarding a plurality of threats from the database based on the plurality of threat filtering parameters; and
- presenting, by the computing device, the extracted information in a form of a historical graph illustrating a number of threats by type during a particular period of time; and
- receiving from a user, by the computing device, an indication regarding a selected subset of the particular period of time in which to zoom into for further details; and
- responsive to the indication regarding the selected subset, presenting, by the computing device, a list of threats of the plurality of threats corresponding to the selected subset, wherein the list of threats is presented in tabular form, grouped and counted by type of threat and ordered by group in accordance with their associated risk levels.
2 Assignments
0 Petitions
Abstract
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters, including one or more of types of threats to be extracted from the database, parameters of the threats, network-level details of the threats, a time interval of detection of the threats and source-destination details of the threats, is received. Information regarding threats matching the threat filtering parameters is extracted from the database and presented in a form of an interactive historical graph. Responsive to receiving from a user an indication regarding a selected subset of time in which to zoom into for further details, a list of threats within the selected subset is presented in tabular form.
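As an added illustration of the claimed procedure (example code, not from the patent or its assignee), the following Python runs the pipeline over a constructed threat-log sample: filtering by threat type, a [start, end) time interval, source/destination details and a network-level detail (destination port), bucketing counts by type for the historical graph, and producing the zoomed tabular view grouped and counted by type and ordered by risk level. Field names, the risk scale and the sample rows are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed "historical threat log" rows; field names are assumptions and the RFC 1918 addresses are placeholders.
THREAT_LOG = [
    {"ts": "2024-03-01T09:05:00", "type": "malware", "risk": "critical", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 445},
    {"ts": "2024-03-01T09:20:00", "type": "port-scan", "risk": "low", "src": "10.0.0.7", "dst": "10.0.1.9", "dport": 22},
    {"ts": "2024-03-01T10:10:00", "type": "malware", "risk": "critical", "src": "10.0.0.5", "dst": "10.0.1.12", "dport": 445},
    {"ts": "2024-03-01T10:15:00", "type": "web-attack", "risk": "high", "src": "10.0.0.8", "dst": "10.0.1.20", "dport": 443},
    {"ts": "2024-03-01T10:40:00", "type": "port-scan", "risk": "low", "src": "10.0.0.7", "dst": "10.0.1.21", "dport": 3389},
    {"ts": "2024-03-01T10:55:00", "type": "port-scan", "risk": "low", "src": "10.0.0.7", "dst": "10.0.1.22", "dport": 3389},
    {"ts": "2024-03-01T11:30:00", "type": "web-attack", "risk": "high", "src": "10.0.0.8", "dst": "10.0.1.20", "dport": 80},
]
RISK_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed risk scale
EPOCH = datetime(1970, 1, 1)

def extract(records, types=None, start=None, end=None, src=None, dst=None, dport=None):
    """The claim's filtering parameters: threat types, a [start, end) time
    interval, source/destination details and a network-level detail (port)."""
    out = []
    for r in records:
        t = datetime.fromisoformat(r["ts"])
        if types and r["type"] not in types:
            continue
        if (start and t < start) or (end and t >= end):
            continue
        if (src and r["src"] != src) or (dst and r["dst"] != dst):
            continue
        if dport and r["dport"] != dport:
            continue
        out.append(r)
    return out

def histogram(records, bucket=timedelta(hours=1)):
    """Threat counts by type per time bucket: the data behind the historical graph."""
    hist = {}
    for r in records:
        t = datetime.fromisoformat(r["ts"])
        b = EPOCH + bucket * ((t - EPOCH) // bucket)  # floor to the bucket boundary
        hist.setdefault(b, Counter())[r["type"]] += 1
    return dict(sorted(hist.items()))

def zoom(records, start, end):
    """Tabular view for the user-selected sub-interval: rows of (type, count, risk),
    grouped and counted by type and ordered by risk level, highest first."""
    subset = extract(records, start=start, end=end)
    counts = Counter(r["type"] for r in subset)
    risk = {ty: max(RISK_RANK[r["risk"]] for r in subset if r["type"] == ty) for ty in counts}
    return sorted(((ty, n, risk[ty]) for ty, n in counts.items()), key=lambda row: (-row[2], row[0]))
```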
139 Citations
22 Claims
10. A system comprising:
- one or more processors;
- a communication interface device;
- one or more internal data storage devices operatively coupled to the one or more processors and storing:
  - a threat history identification module configured to extract threat information from a database comprising one or more of firewall logs and historical threat logs;
  - a threat history processing module configured to process the extracted threat information based on one or more of threats to be detected, parameters of threats to be presented, network level details of the threats, time interval for which threats are to be presented, and source-destination details of the threats; and
  - a threat reporting module configured to report a plurality of threats selected from the one or more threats based on one or a combination of presentation parameters, timing parameters, and threat content parameters.