Snapshot of a forensic investigation for enterprise threat detection
First Claim
Patent Images
1. A computer-implemented method, comprising:
- establishing an enterprise threat detection (ETD) forensic workspace according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities, wherein the forensic workspace is configured with functionality to define a filter path containing a series of filters to define a particular sub set of the available log data;
defining a chart illustrating a graphical distribution of a particular data type in the forensic workspace;
generating a snapshot associated with the chart, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object;
associating the snapshot with a snapshot page for containing the snapshot; and
saving the snapshot page within the ETD forensic workspace.
1 Assignment
0 Petitions
Accused Products
Abstract
An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities. A chart is defined illustrating a graphical distribution of a particular data type in the forensic workspace. A snapshot associated with the chart is generated, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object. The snapshot is associated with a snapshot page for containing the snapshot and the snapshot page is saved within the ETD forensic workspace.
197 Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
establishing an enterprise threat detection (ETD) forensic workspace according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities, wherein the forensic workspace is configured with functionality to define a filter path containing a series of filters to define a particular sub set of the available log data; defining a chart illustrating a graphical distribution of a particular data type in the forensic workspace; generating a snapshot associated with the chart, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object; associating the snapshot with a snapshot page for containing the snapshot; and saving the snapshot page within the ETD forensic workspace. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
-
establishing an enterprise threat detection (ETD) forensic workspace according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities, wherein the forensic workspace is configured with functionality to define a filter path containing a series of filters to define a particular sub set of the available log data; defining a chart illustrating a graphical distribution of a particular data type in the forensic workspace; generating a snapshot associated with the chart, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object; associating the snapshot with a snapshot page for containing the snapshot; and saving the snapshot page within the ETD forensic workspace. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-implemented system, comprising:
-
a computer memory; and a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising; establishing an enterprise threat detection (ETD) forensic workspace according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities, wherein the forensic workspace is configured with functionality to define a filter path containing a series of filters to define a particular subset of the available log data; defining a chart illustrating a graphical distribution of a particular data type in the forensic workspace; generating a snapshot associated with the chart, the snapshot saving a copy of all data necessary to re-create the chart into an associated snapshot object; associating the snapshot with a snapshot page for containing the snapshot; and saving the snapshot page within the ETD forensic workspace. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification