Management console for network security investigations
Abstract
Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
29 Claims
1. A method, comprising:
causing display of a graphical user interface including a plurality of interface elements representing a plurality of investigation timelines, each investigation timeline of the plurality of investigation timelines associated with both first data representing one or more computer network security events, and second data representing one or more occurrences of user interactions with a network security application;
wherein each interface element of the plurality of interface elements displays an indication of one or more users assigned to a respective investigation timeline;
receiving a selection of a particular interface element of the plurality of interface elements, the particular interface element representing a particular investigation timeline; and
in response to receiving the selection of the particular interface element, causing display of the particular investigation timeline.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. One or more non-transitory computer-readable storage media, storing instructions, which when executed by one or more processors cause performance of:
causing display of a graphical user interface including a plurality of interface elements representing a plurality of investigation timelines, each investigation timeline of the plurality of investigation timelines associated with both first data representing one or more computer network security events, and second data representing one or more occurrences of user interactions with a network security application;
wherein each interface element of the plurality of interface elements displays an indication of one or more users assigned to a respective investigation timeline;
receiving a selection of a particular interface element of the plurality of interface elements, the particular interface element representing a particular investigation timeline; and
in response to receiving the selection of the particular interface element, causing display of the particular investigation timeline.
29. An apparatus, comprising:
an interface display subsystem, implemented at least partially in hardware, that causes display of a graphical user interface including a plurality of interface elements representing a plurality of investigation timelines, each investigation timeline of the plurality of investigation timelines associated with both first data representing one or more computer network security events, and second data representing one or more occurrences of user interactions with a network security application;
wherein each interface element of the plurality of interface elements displays an indication of one or more users assigned to a respective investigation timeline;
an interface element selection subsystem, implemented at least partially in hardware, that receives a selection of a particular interface element of the plurality of interface elements, the particular interface element representing a particular investigation timeline; and
wherein the interface display subsystem further causes, in response to receiving the selection of the particular interface element, display of the particular investigation timeline.
Specification