Systems, methods, user interfaces, and computer-readable media for investigating potential malicious communications
First Claim
1. A computer readable storage device configured to store computer executable instructions that, when executed, cause a computer system to:
- access records of electronic communications that were sent to internal recipients within a local network;
- access a prescreened electronic communication preliminarily identified as a potential undesirable electronic communication;
- group the records into a data cluster, wherein the records in the data cluster share one or more similar characteristics with the prescreened electronic communication;
- identify one or more recipients associated with the records in the data cluster, the one or more recipients being authorized to access the local network;
- determine respective roles associated with at least some of the one or more recipients associated with the records in the data cluster;
- determine a priority of the data cluster based at least in part on a role associated with at least one of the one or more recipients, wherein the priority indicates an importance of assessing if the electronic communications are undesirable; and
- providing data to a computing device, wherein the data is rendered by the computing device as an interactive user interface including an indication of the data cluster and an indication of the priority of assessing an undesirability of the electronic communications in the data cluster.
Abstract
A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyzes those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.
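A minimal sketch of the claimed steps (cluster records around a prescreened message, resolve recipient roles, derive a triage priority), added here as an illustration and not taken from the patent or any product. The matched characteristics (sender, subject, URL), the role weights, the directory and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed role weights and directory of internal recipients (constructed sample data).
ROLE_WEIGHT = {"executive": 3, "finance": 3, "it-admin": 2, "staff": 1}
DIRECTORY = {
    "ceo@corp.example": "executive",
    "ap@corp.example": "finance",
    "dev1@corp.example": "staff",
    "dev2@corp.example": "staff",
}

@dataclass(frozen=True)
class Email:
    sender: str
    subject: str
    urls: frozenset
    recipient: str

def shared_characteristics(seed, rec):
    """Names of the characteristics a record shares with the prescreened seed."""
    shared = set()
    if rec.sender.lower() == seed.sender.lower():
        shared.add("sender")
    if rec.subject.strip().lower() == seed.subject.strip().lower():
        shared.add("subject")
    if rec.urls & seed.urls:
        shared.add("url")
    return shared

def build_cluster(seed, records):
    """Group the records that share at least one characteristic with the seed."""
    return [r for r in records if shared_characteristics(seed, r)]

def prioritize(cluster):
    """Priority is the highest role weight among internal recipients in the cluster."""
    roles = {r.recipient: DIRECTORY[r.recipient] for r in cluster if r.recipient in DIRECTORY}
    priority = max((ROLE_WEIGHT[role] for role in roles.values()), default=0)
    return {"size": len(cluster), "recipients": roles, "priority": priority}

# Constructed sample: one prescreened (e.g. user-reported) message and three mail records.
LURE = frozenset({"http://pay-portal.example/login"})
SEED = Email("billing@pay-portal.example", "Invoice overdue", LURE, "dev1@corp.example")
RECORDS = [
    Email("billing@pay-portal.example", "Invoice overdue", LURE, "ceo@corp.example"),
    Email("other@mailer.example", "Action required", LURE, "dev2@corp.example"),
    Email("news@vendor.example", "Weekly digest", frozenset({"https://vendor.example/news"}), "ap@corp.example"),
]
```

Calling `prioritize(build_cluster(SEED, RECORDS))` yields a two-record cluster whose priority is driven by the executive recipient, which is the signal an analyst queue would sort on.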
20 Claims
1. A computer readable storage device configured to store computer executable instructions that, when executed, cause a computer system to:
- access records of electronic communications that were sent to internal recipients within a local network;
- access a prescreened electronic communication preliminarily identified as a potential undesirable electronic communication;
- group the records into a data cluster, wherein the records in the data cluster share one or more similar characteristics with the prescreened electronic communication;
- identify one or more recipients associated with the records in the data cluster, the one or more recipients being authorized to access the local network;
- determine respective roles associated with at least some of the one or more recipients associated with the records in the data cluster;
- determine a priority of the data cluster based at least in part on a role associated with at least one of the one or more recipients, wherein the priority indicates an importance of assessing if the electronic communications are undesirable; and
- providing data to a computing device, wherein the data is rendered by the computing device as an interactive user interface including an indication of the data cluster and an indication of the priority of assessing an undesirability of the electronic communications in the data cluster.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented method for investigating potential malicious communications, the method comprising:
by a computer system including one or more computer-readable storage devices configured to store computer executable instructions and one or more processors configured to execute the computer executable instructions;
- accessing electronic communications that were sent to internal recipients within a local network;
- accessing a prescreened electronic communication preliminarily identified as a potential undesirable electronic communication;
- grouping the electronic communications into a data cluster, wherein the electronic communications in the data cluster share one or more similar characteristics with the prescreened electronic communication;
- identifying one or more recipients associated with the electronic communications in the data cluster, the one or more recipients being authorized to access the local network;
- determining respective roles associated with at least some of the one or more recipients associated with the electronic communications in the data cluster;
- determining a priority of the data cluster based at least in part on a role associated with at least one of the one or more recipients, wherein the priority indicates an importance of assessing if the electronic communications are undesirable; and
- providing data to a computing device, wherein the data is rendered on the computing device as an interactive user interface including an indication of the data cluster and an indication of the priority of assessing an undesirability of the electronic communications in the data cluster.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification