EFFICIENT IDENTIFICATION OF LOG EVENTS IN ENTERPRISE THREAT DETECTION

  • US 20170180404A1
  • Filed: 12/22/2015
  • Published: 06/22/2017
  • Est. Priority Date: 12/22/2015
  • Status: Active Grant
First Claim
1. A computer-implemented method, comprising:

  • identifying a first set of log entries;
  • determining a plurality of log entry classes occurring in the first set of log entries, each log entry in a given log entry class having a same number, type, and ordering of components;
  • determining, for each log entry class, a vector of component type identifiers for a given log entry class, each identifier in the vector identifying a position and type of a component included in a log entry belonging to the given log entry class;
  • creating a classification tree using the vectors;
  • identifying an unclassified log entry not included in the first set of log entries;
  • assigning a log entry class to the unclassified log entry using the classification tree to create a classified log entry; and
  • evaluating one or more security threat patterns using the classified log entry.
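The steps of the claim above, carried through as an added worked example in Python. This is not the patent's or the applicant's code. The log lines are constructed samples, and the component type identifiers (TIMESTAMP, IPV4, NUMBER, KEYVALUE, WORD), the trie used as the classification tree, and the repeated-failed-login threat pattern are assumptions chosen for illustration; the claim itself names none of them.

```python
"""Worked example of the claimed method: derive log entry classes from the
number, type and ordering of components, build a classification tree from the
per-class type vectors, classify an entry that was not in the training set,
then evaluate a threat pattern over the classified entries.
All log lines below are constructed samples, not real telemetry."""
import re
from typing import Dict, List, Optional, Tuple

END = "__class__"  # sentinel key marking a leaf (a complete class) in the tree

# Component type identifiers (assumed for this example), tried in order;
# a token receives the first type whose pattern matches it.
TYPERS = [
    ("TIMESTAMP", re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$")),
    ("IPV4", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("NUMBER", re.compile(r"^\d+$")),
    ("KEYVALUE", re.compile(r"^[A-Za-z_]+=\S+$")),
    ("WORD", re.compile(r"^\S+$")),
]

# Constructed "first set of log entries" used to discover the classes.
SAMPLE_LOGS: List[str] = [
    "2024-03-01T10:00:01 sshd 2201 FAILED LOGIN user=root from 203.0.113.7",
    "2024-03-01T10:00:02 sshd 2201 FAILED LOGIN user=admin from 203.0.113.7",
    "2024-03-01T10:00:05 sshd 2201 ACCEPTED LOGIN user=alice from 198.51.100.4",
    "2024-03-01T10:00:09 sshd 2201 FAILED LOGIN user=guest from 203.0.113.7",
    "2024-03-01T10:01:00 cron 17 job=backup status=ok",
    "2024-03-01T10:01:30 kernel 0 link up eth0",
]
# Constructed entry that is NOT in the first set; it must be classified via the tree.
NEW_ENTRY = "2024-03-01T10:02:00 sshd 2201 FAILED LOGIN user=bob from 203.0.113.7"


def component_types(entry: str) -> Tuple[str, ...]:
    """Vector of component type identifiers; the tuple index is the position."""
    return tuple(next(name for name, rx in TYPERS if rx.match(tok))
                 for tok in entry.split())


class ClassificationTree:
    """Trie keyed by component type at each position; a leaf stores the class id.
    Two entries share a class exactly when their type vectors are identical."""

    def __init__(self) -> None:
        self.root: Dict = {}
        self.classes: Dict[Tuple[str, ...], int] = {}  # type vector -> class id

    def add(self, vector: Tuple[str, ...]) -> int:
        class_id = self.classes.setdefault(vector, len(self.classes))
        node = self.root
        for t in vector:
            node = node.setdefault(t, {})
        node[END] = class_id
        return class_id

    def classify(self, entry: str) -> Optional[int]:
        """Walk the tree along the entry's type vector; None if no class matches
        (unknown type at some position, or a prefix that ends before a leaf)."""
        node = self.root
        for t in component_types(entry):
            node = node.get(t)
            if node is None:
                return None
        return node.get(END)


def build_tree(entries: List[str]) -> ClassificationTree:
    tree = ClassificationTree()
    for e in entries:
        tree.add(component_types(e))
    return tree


def evaluate_pattern(entries: List[str], tree: ClassificationTree,
                     pattern: Dict) -> Dict[str, int]:
    """Threat pattern over classified entries. The class tells us which
    position holds which component, so the pattern can address components by
    position: require literals at some positions, group by another, threshold."""
    counts: Dict[str, int] = {}
    for e in entries:
        if tree.classify(e) != pattern["class_id"]:
            continue
        tokens = e.split()
        if all(tokens[pos] == lit for pos, lit in pattern["required"].items()):
            key = tokens[pattern["group_by"]]
            counts[key] = counts.get(key, 0) + 1
    return {k: n for k, n in counts.items() if n >= pattern["threshold"]}


def demo() -> Dict[str, int]:
    """Full pipeline: classes from SAMPLE_LOGS, classify NEW_ENTRY, evaluate
    a constructed 'repeated failed logins from one source' pattern."""
    tree = build_tree(SAMPLE_LOGS)
    login_class = tree.classes[component_types(SAMPLE_LOGS[0])]
    pattern = {"class_id": login_class, "required": {3: "FAILED"},
               "group_by": 7, "threshold": 3}
    return evaluate_pattern(SAMPLE_LOGS + [NEW_ENTRY], tree, pattern)


if __name__ == "__main__":
    print(demo())
```

The tree is a plain trie because the claim's classes are purely structural: an ACCEPTED and a FAILED login line fall into the same class since both have the same component types in the same order, which is why the pattern still checks the literal at position 3. An entry whose type vector reaches a node with no leaf (for example a line that shares a prefix with a known class but stops short) is reported as unclassified rather than forced into the nearest class.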
