Systems and methods for interactive analytics of internet traffic

US 9,003,023 B2
Filed: 06/13/2012
Issued: 04/07/2015
Est. Priority Date: 06/13/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented interactive analytics method, comprising:

logging data traffic between a plurality of users and an external network in a log system, wherein the logging is performed by a cloud based system;

receiving a first request for interactive analytics of the logged data traffic, wherein the first request comprises a date range, a visualization type, and a grouping;

obtaining data traffic from the log system responsive to the first request;

formatting the obtained data traffic based on the date range, the visualization type, and the grouping to provide a first interaction based on the first request;

displaying the first interaction;

storing the first interaction in a history list;

monitoring the data traffic between the plurality of users and the external network via the cloud based system, wherein the monitoring is independent of location, device type, and operating system of each of the plurality of users;

receiving a plurality of additional requests for interactive analytics of the logged data traffic, obtaining data traffic from the log system responsive to the each of the plurality of additional requests, formatting the obtained data traffic to provide a plurality of additional interactions each based on the plurality of additional requests, and storing the plurality of additional interactions in the history list; and

receiving a selection of any interaction in the history list, displaying the selection, receiving a request to modify the selection, and if the selection is not the last interaction in the history list, deleting all subsequent interactions in the history list based on the modified selection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, a cloud system, and a log system provide interactive analytics providing various intuitive mechanisms for interaction with data visualizations of Internet traffic, email, etc. The methods and systems utilize a cloud based monitoring system where all traffic from an organization may be monitored in a location and platform independent manner. The methods and systems include context-aware drilldown with progressively applied filtering and grouping while maintaining workflow history such that a user can go back to any point in the flow and proceed down a new path of investigation.

Citations

14 Claims

1. A computer implemented interactive analytics method, comprising:
- logging data traffic between a plurality of users and an external network in a log system, wherein the logging is performed by a cloud based system;
  
  receiving a first request for interactive analytics of the logged data traffic, wherein the first request comprises a date range, a visualization type, and a grouping;
  
  obtaining data traffic from the log system responsive to the first request;
  
  formatting the obtained data traffic based on the date range, the visualization type, and the grouping to provide a first interaction based on the first request;
  
  displaying the first interaction;
  
  storing the first interaction in a history list;
  
  monitoring the data traffic between the plurality of users and the external network via the cloud based system, wherein the monitoring is independent of location, device type, and operating system of each of the plurality of users;
  
  receiving a plurality of additional requests for interactive analytics of the logged data traffic, obtaining data traffic from the log system responsive to the each of the plurality of additional requests, formatting the obtained data traffic to provide a plurality of additional interactions each based on the plurality of additional requests, and storing the plurality of additional interactions in the history list; and
  
  receiving a selection of any interaction in the history list, displaying the selection, receiving a request to modify the selection, and if the selection is not the last interaction in the history list, deleting all subsequent interactions in the history list based on the modified selection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - monitoring Hypertext Transfer Protocol, Hypertext Transfer Protocol Secure, and email traffic associated with the plurality of users.
  - 3. The method of claim 1, further comprising:
    - compressing the monitored data traffic using a plurality of compression techniques prior to logging the data traffic in the log system.
  - 4. The method of claim 1, further comprising:
    - receiving a second request for interactive analytics of the logged data traffic, wherein the second request comprises a modification of the first request;
      
      obtaining data traffic from the log system responsive to the second request;
      
      formatting the obtained data traffic based on the modification to provide a second interaction based on the second request;
      
      displaying the second interaction;
      
      storing the second interaction in the history list.
  - 5. The method of claim 1, further comprising:
    - receiving a selection of any interaction in the history list;
      
      displaying the selection;
      
      receiving an additional request for interactive analytics of the logged data traffic, wherein the additional request comprises a modification of the selection;
      
      obtaining data traffic from the log system responsive to the additional request;
      
      formatting the obtained data traffic to provide the additional request.
  - 6. The method of claim 1, wherein the data traffic comprises Hypertext Transfer Protocol or Hypertext Transfer Protocol Secure traffic;
    - wherein the visualization type comprises one of a bar chart, a pie chart, a line chart, a totals lists, a summary table, and a table of transactions; and
      
      wherein the grouping comprises one of Application Class, Threat Class, Basic Threat Class, Basic Threat Type, Data Leakage Prevention (DLP) Class, DLP Dictionary, DLP Engine, Instant Message (IM) Direction, Location, Social Direction, Department, User Direction, Uniform Resource Locator (URL) Class, URL Category, URL Super-Category, Action, Web Application, Webmail Direction, and Domain.
  - 7. The method of claim 1, wherein the data traffic comprises email traffic;
    - wherein the visualization type comprises a table of transactions; and
      
      wherein the grouping comprises any of action, direction, user, domain, department, and email type.

8. A computer implemented interactive analytics method, comprising:
- logging data traffic between a plurality of users and an external network in a log system, wherein the logging is performed by a cloud based system;
  
  receiving a first request for interactive analytics of the logged data traffic, wherein the first request comprises a date range, a visualization type, and a grouping;
  
  obtaining data traffic from the log system responsive to the first request;
  
  formatting the obtained data traffic based on the date range, the visualization type, and the grouping to provide a first interaction based on the first request;
  
  displaying the first interaction;
  
  storing the first interaction in a history list;
  
  monitoring the data traffic between the plurality of users and the external network via the cloud based system, wherein the monitoring is independent of location, device type, and operating system of each of the plurality of users;
  
  receiving a plurality of additional requests for interactive analytics of the logged data traffic, obtaining data traffic from the log system responsive to the each of the plurality of additional requests, formatting the obtained data traffic to provide a plurality of additional interactions each based on the plurality of additional requests, and storing the plurality of additional interactions in the history list;
  
  wherein the data traffic comprises email traffic;
  
  wherein the visualization type comprises a table of transactions; and
  
  wherein the grouping comprises any of action, direction, user, domain, department, and email type.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - monitoring Hypertext Transfer Protocol, Hypertext Transfer Protocol Secure, and email traffic associated with the plurality of users.
  - 10. The method of claim 8, further comprising:
    - compressing the monitored data traffic using a plurality of compression techniques prior to logging the data traffic in the log system.
  - 11. The method of claim 8, further comprising:
    - receiving a second request for interactive analytics of the logged data traffic, wherein the second request comprises a modification of the first request;
      
      obtaining data traffic from the log system responsive to the second request;
      
      formatting the obtained data traffic based on the modification to provide a second interaction based on the second request;
      
      displaying the second interaction;
      
      storing the second interaction in the history list.
  - 12. The method of claim 8, further comprising:
    - receiving a selection of any interaction in the history list;
      
      displaying the selection, receiving a request to modify the selection; and
      
      if the selection is not the last interaction in the history list, deleting all subsequent interactions in the history list based on the modified selection.
  - 13. The method of claim 8, further comprising:
    - receiving a selection of any interaction in the history list;
      
      displaying the selection;
      
      receiving an additional request for interactive analytics of the logged data traffic, wherein the additional request comprises a modification of the selection;
      
      obtaining data traffic from the log system responsive to the additional request;
      
      formatting the obtained data traffic to provide the additional request.
  - 14. The method of claim 8, wherein the data traffic comprises Hypertext Transfer Protocol or Hypertext Transfer Protocol Secure traffic;
    - wherein the visualization type comprises one of a bar chart, a pie chart, a line chart, a totals lists, a summary table, and a table of transactions; and
      
      wherein the grouping comprises one of Application Class, Threat Class, Basic Threat Class, Basic Threat Type, Data Leakage Prevention (DLP) Class, DLP Dictionary, DLP Engine, Instant Message (IM) Direction, Location, Social Direction, Department, User Direction, Uniform Resource Locator (URL) Class, URL Category, URL Super-Category, Action, Web Application, Webmail Direction, and Domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
Crank, Samuel John, Hazarika, Upasona Kath
Primary Examiner(s)
Bates, Kevin
Assistant Examiner(s)
Patel, Ronak

Application Number

US13/495,537
Publication Number

US 20130339514A1
Time in Patent Office

1,028 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1416 Event detection, e.g. attac...

Systems and methods for interactive analytics of internet traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for interactive analytics of internet traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links