×

Security threat detection using domain name accesses

  • US 9,426,172 B2
  • Filed: 08/01/2015
  • Issued: 08/23/2016
  • Est. Priority Date: 07/25/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method, comprising:

  • extracting a set of accessed domain names from a set of events stored in a field-searchable data store, wherein each accessed domain name in the set of accessed domain names was not detected in events generated prior to generation of the set of events;

    identifying a respective registration time for each accessed domain name in the set of accessed domain names, wherein the respective registration time is indicative of when the accessed domain name was first detected within the set of events;

    identifying a subset of accessed domain names in the set of accessed domain names for which the identified respective registration time of each accessed domain name in the subset is recent relative to times for other accessed domain names in the set of accessed domain names;

    determining, for each accessed domain name in the subset, an access count corresponding to how many times the set of events indicates that the accessed domain name in the subset was accessed;

    causing display of information relating to the access count;

    wherein the method is performed by one or more computing devices.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×