DATA INSIGHTS PLATFORM FOR A SECURITY AND COMPLIANCE ENVIRONMENT
Abstract
A multi-purpose platform may collect different types of signals such as metadata, documents, activities, etc. and correlate them in a multi-stage evaluation framework in order to allow simple queries from components and clients of a compliance and security environment to be converted into rich analyses on available data. Various signals may be collected from a tenant environment and correlated at multiple levels based on their content and context. Queries from components such as a threat intelligence manager, a data explorer module, or even clients of the system may be executed on the correlated data by focusing and/or filtering the queries based on the context, effectively converting a simple query to a comprehensive analysis. The platform may have intelligence to decide which type of data to run a query on based on the request and allow data investigations to be performed as a chain-linked investigation that can go multiple levels deep.
20 Claims
1. A method to provide a data insights platform for a security and compliance environment, the method comprising:
- collecting a plurality of signals from a plurality of resources within a tenant's hosted environment, wherein the collected plurality of signals are correlated at one or more levels based on their content and context;
- receiving a query associated with the collected plurality of signals;
- focusing and filtering the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals; and
- replying to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A server configured to provide a data insights platform for a security and compliance environment, the server comprising:
- a communication interface configured to facilitate communication between another server hosting a security and compliance service, one or more client devices, and the server;
- a memory configured to store instructions; and
- one or more processors coupled to the communication interface and the memory and configured to execute the data insights platform, wherein the data insights platform is configured to:
  - collect a plurality of signals from a plurality of resources within a tenant's hosted environment, wherein the collected plurality of signals are correlated at one or more levels based on their content and context;
  - receive a query associated with the collected plurality of signals;
  - focus and filter the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals;
  - reply to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals; and
  - provide one or more of raw signals, filtered signals at one or more correlation levels, and signals generated during an aggregation of the collected plurality of signals to one or more of a data explorer module, an alert management module, and a threat intelligence module within the security and compliance service.

Dependent claims: 13, 14, 15, 16, 17, 18

19. A computer-readable memory device with instructions stored thereon to provide a data insights platform for a security and compliance environment, the instructions, when executed, configured to cause one or more computing devices to perform actions comprising:
- collect a plurality of signals comprising documents, non-document content, communications, and activities and metadata associated with the documents, the non-document content, and the communications from a plurality of resources within a tenant's hosted environment, wherein the collected plurality of signals are correlated at one or more levels based on their content and a context of corresponding activities and metadata associated with the documents, the non-document content, and the communications;
- receive a query associated with the collected plurality of signals;
- focus and filter the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals; and
- reply to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals.

Dependent claims: 20

Specification