PRESENTATION OF THREAT HISTORY ASSOCIATED WITH NETWORK ACTIVITY
First Claim
1. A method comprising:
maintaining, by a computing device of a private network, threat information in a database comprising one or more of firewall logs and historical threat logs, wherein the threat information includes information regarding security threats detected by one or more network security devices associated with the private network;
receiving one or more threat filtering parameters, by the computing device, wherein the one or more threat filtering parameters are selected from a group comprising a parameter specifying one or more types of threats, a parameter specifying one or more levels of severity of the threats, a parameter specifying a source interface, a parameter specifying a destination interface, a parameter specifying a time period associated with the threats and a parameter specifying a frequency of occurrence of the threats;
extracting, by the computing device, information regarding a plurality of threats from the database based on the one or more threat filtering parameters; and
presenting, by the computing device, the extracted information in a form of an interactive historical graph illustrating a number of threats by type of threat during the time period;
receiving from an administrator of the private network, by the computing device, an indication, via interaction with the interactive historical graph, regarding a selected subset of the time period in which to zoom into for further details; and
responsive to the indication regarding the selected subset, presenting, by the computing device, the further details in a form of a list of the plurality of threats corresponding to the selected subset, wherein the list of threats is grouped by the type of threat and ordered by group in accordance with associated levels of severity of the threats in the list of threats.
Abstract
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters is received. Information regarding threats matching the threat filtering parameters is extracted from the database and is presented in the form of an interactive historical graph. Responsive to receiving from an administrator an indication regarding a selected subset of time into which to zoom for further details, a list of threats within the selected subset is presented in tabular form.
12 Citations
18 Claims
10. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a computer system of a private network, causes the one or more processors to perform a method comprising:
maintaining threat information in a database comprising one or more of firewall logs and historical threat logs, wherein the threat information includes information regarding security threats detected by one or more network security devices associated with the private network;
receiving one or more threat filtering parameters selected from a group comprising a parameter specifying one or more types of threats, a parameter specifying one or more levels of severity of the threats, a parameter specifying a source interface, a parameter specifying a destination interface, a parameter specifying a time period associated with the threats and a parameter specifying a frequency of occurrence of the threats;
extracting information regarding a plurality of threats from the database based on the one or more threat filtering parameters;
presenting the extracted information in a form of an interactive historical graph illustrating a number of threats by type of threat during the time period; and
receiving from an administrator of the private network, an indication, via interaction with the interactive historical graph, regarding a selected subset of the time period in which to zoom into for further details; and
responsive to the indication regarding the selected subset, presenting the further details in a form of a list of the plurality of threats corresponding to the selected subset, wherein the list of threats is grouped by the type of threat and ordered by group in accordance with associated levels of severity of the threats in the list of threats.
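The procedure claimed in claims 1 and 10 (filter stored threats by the named parameters, build the per-type-over-time data behind the historical graph, zoom into a selected sub-window, and list the result grouped by type with groups ordered by severity), as an added Python example that is not part of the patent. The threat records, interface names, severity ranking, and the reading of the "frequency of occurrence" parameter as a minimum per-type count are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed ordering

@dataclass(frozen=True)
class Threat:
    ts: datetime
    kind: str       # type of threat (graph series / list group)
    severity: str
    src_if: str     # source interface
    dst_if: str     # destination interface

# Constructed sample threat log standing in for the firewall/historical threat logs.
T0 = datetime(2024, 1, 1)
THREATS = [
    Threat(T0 + timedelta(minutes=5), "malware", "critical", "wan1", "lan"),
    Threat(T0 + timedelta(minutes=20), "scan", "low", "wan1", "dmz"),
    Threat(T0 + timedelta(minutes=70), "scan", "low", "wan2", "dmz"),
    Threat(T0 + timedelta(minutes=80), "ips", "high", "wan1", "lan"),
    Threat(T0 + timedelta(minutes=95), "scan", "medium", "wan1", "lan"),
    Threat(T0 + timedelta(minutes=130), "malware", "high", "wan1", "lan"),
]

def extract(threats, kinds=None, severities=None, src_if=None, dst_if=None,
            start=None, end=None, min_count=1):
    """Apply the claim's filtering parameters. min_count is an assumed reading of the
    'frequency of occurrence' parameter: keep types seen at least min_count times."""
    rows = [t for t in threats
            if (kinds is None or t.kind in kinds) and (severities is None or t.severity in severities)
            and (src_if is None or t.src_if == src_if) and (dst_if is None or t.dst_if == dst_if)
            and (start is None or t.ts >= start) and (end is None or t.ts < end)]
    freq = Counter(t.kind for t in rows)
    return [t for t in rows if freq[t.kind] >= min_count]

def histogram(threats):
    """Data behind the historical graph: threats per hour, broken out by type."""
    counts = defaultdict(Counter)
    for t in threats:
        counts[t.ts.replace(minute=0, second=0, microsecond=0)][t.kind] += 1
    return {hour: dict(c) for hour, c in sorted(counts.items())}

def zoom(threats, start, end):
    """Drill-down for the selected sub-window: grouped by type, groups ordered by top severity."""
    groups = defaultdict(list)
    for t in extract(threats, start=start, end=end):
        groups[t.kind].append(t)
    rank = lambda t: SEVERITY_RANK[t.severity]
    ordered = sorted(groups.values(), key=lambda g: max(map(rank, g)), reverse=True)
    return [t for g in ordered for t in sorted(g, key=rank, reverse=True)]
```

`histogram(extract(THREATS, src_if="wan1"))` yields the series a graph would plot, and `zoom(THREATS, T0.replace(hour=1), T0.replace(hour=2))` is the tabular drill-down for the 01:00 hour with the IPS hit listed before the scan group.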