EVENT VIEWS IN DATA INTAKE STAGE OF MACHINE DATA PROCESSING PLATFORM
First Claim
1. A method comprising:
- receiving event data representing an event on a computer network; and
- adding a view identifier to the event data to allow a downstream entity, by having designated the view identifier, to receive select information about the event, through an interface identified by the view identifier, wherein the interface extracts the select information from and/or generates the select information based on the event data.
Abstract
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
30 Claims
1. A method comprising:
- receiving event data representing an event on a computer network; and
- adding a view identifier to the event data to allow a downstream entity, by having designated the view identifier, to receive select information about the event, through an interface identified by the view identifier, wherein the interface extracts the select information from and/or generates the select information based on the event data.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)

26. A computer system comprising:
- a communication device; and
- a processor configured to:
  - receive, via the communication device, event data representing an event on a computer network; and
  - add a view identifier to the event data to allow a downstream entity, by having designated the view identifier, to receive select information about the event, through an interface identified by the view identifier, wherein the interface extracts the select information from and/or generates the select information based on the event data.

View Dependent Claims (27, 28, 29)

30. A non-transitory machine-readable storage medium for use in a processing system, the non-transitory machine-readable storage medium storing instructions, an execution of which in the processing system causes the processing system to perform operations comprising:
- receiving event data representing an event on a computer network; and
- adding a view identifier to the event data to allow a downstream entity, by having designated the view identifier, to receive select information about the event, through an interface identified by the view identifier, wherein the interface extracts the select information from and/or generates the select information based on the event data.

Specification