Automated security analytics platform with visualization agnostic selection linked portlets
First Claim
Patent Images
1. A method for presenting network security information at a display, the method comprising:
- storing the network security information directly from network sensors in an active memory, the network sensors applying publish and subscribe to link the output of at least some security modules to at least other security modules that relate network security information to security of the network;
applying a parent filter set to the network security information to select parent information for presentation in a parent portlet, the presented parent information relating to security of a network;
presenting the parent information in the parent portlet at the display with a selected of plural visualizations;
interacting through the display with the parent portlet to present a child portlet, the child portlet having at least the parent filter and at least one unique factor relative to the parent portlet, the presented child portlet relating to security of the network,wherein interacting through the display with the parent portlet further comprises;
selecting at the parent portlet plural types of information presented at the visualization;
in response to the selecting, generating a filter for each selected type of information; and
presenting each selected type of information in the child portlet with the unique factor of the information other than the selected types being filtered out of the presentation;
preselecting a visualization of the plural visualizations to use in the presenting of each selected type of information in the child portlet; and
automatically applying the preselected visualization upon the selecting.
8 Assignments
0 Petitions
Accused Products
Abstract
Visualization agnostic selection linked portlets provide a tree from a parent to one or more children that present each portlet with its own visualization and data synchronized with a root portlet based upon related filters. Each portlet uses its visualization to display a data set derived by applying its filter in conjunction with the filters of its ancestors. Each portlet then presents data that is at most the same size as its root in a visualization adapted to the child'"'"'s type and quantity of data.
12 Citations
18 Claims
-
1. A method for presenting network security information at a display, the method comprising:
-
storing the network security information directly from network sensors in an active memory, the network sensors applying publish and subscribe to link the output of at least some security modules to at least other security modules that relate network security information to security of the network; applying a parent filter set to the network security information to select parent information for presentation in a parent portlet, the presented parent information relating to security of a network; presenting the parent information in the parent portlet at the display with a selected of plural visualizations; interacting through the display with the parent portlet to present a child portlet, the child portlet having at least the parent filter and at least one unique factor relative to the parent portlet, the presented child portlet relating to security of the network, wherein interacting through the display with the parent portlet further comprises; selecting at the parent portlet plural types of information presented at the visualization; in response to the selecting, generating a filter for each selected type of information; and presenting each selected type of information in the child portlet with the unique factor of the information other than the selected types being filtered out of the presentation; preselecting a visualization of the plural visualizations to use in the presenting of each selected type of information in the child portlet; and automatically applying the preselected visualization upon the selecting. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for analyzing network telemetry information with a network security platform to detect network security threats, the system comprising:
-
a processor operable to process the network telemetry information by executing the network security platform to retrieve the network telemetry information from an active random access memory without a database structure, the network security platform relating at least some of the network telemetry information to each other in a logical tree by binding the network telemetry information to input and output specifications as the network telemetry information is stored in the active random access memory; an active random access memory interfaced with the processor, the memory storing the network telemetry information for access by the processor; a display interfaced with the processor for presenting the network telemetry information as visual images; a visualization module having plural visualizations to present network telemetry information as visual images, the visualization module operable to accept preselection of visualizations from the plural visualizations to use in presenting predetermined information and to automatically apply the preselected visualizations upon selection of presentation of the predetermined information; a portlet module operable to accept a visualization selection and a filter from a user and to apply the visualization selection and filter to the network telemetry information to present a portlet having an image at the display, the image representing filtered network telemetry information in the selected visualization; and a child portlet initiator associated with the portlet and operable to accept a user input to initiate presentation of a child portlet of the presented portlet with the portlet module, the child portlet having at least the filter and at least one unique factor relative to the presented portlet, the child portlet having an image at the display of the network telemetry information, the at least one unique factor determined by end user interaction with the parent portlet to select at the parent portlet plural types of information presented at the visualization, to generate a filter for each selected type of information and to present each selected type of information in the child portlet. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory machine readable medium comprising instructions operable to execute on a processor to manage network telemetry information presented at a display by:
-
receiving network telemetry information at an active memory; applying portions of the network telemetry information to security modules as the network telemetry information is received in the active memory by publishing and subscribing the network telemetry information identified by one or more output specifications to the security modules; deleting network telemetry information from the active memory that is not identified by the one or more output specifications; applying a parent filter set to the network telemetry information to select parent information for presentation in a parent portlet; presenting the parent information in the parent portlet at the display with a selected of plural visualizations; and accepting an input through the display at the parent portlet to present a child portlet, the child portlet having at least the parent filter and at least one unique factor relative to the parent portlet, the child portlet presenting an image representing network telemetry information filtered from the parent portlet; preselecting a visualization of the plural visualizations to use in the presenting of each selected type of information in the child portlet; and automatically applying the preselected visualization upon the child portlet presenting the image representing network telemetry information; wherein accepting an input through the display at the parent portlet to present a child portlet further comprises; selecting at the parent portlet plural types of information presented at the visualization; in response to the selecting, generating a filter for each selected type of information; and presenting each selected type of information in the child portlet with the parent information other than the selected types being filtered out of the presentation. - View Dependent Claims (17, 18)
-
Specification