Patent · US Active

User activity monitoring by use of rule-based search queries

US10185821B2 · kind B2 · utility

Cited by: 5
References: 13
Claims: 30
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 31, 2017
Grant date: Jan 22, 2019
Priority date:
Expiry date: Oct 31, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: IT methods for management
  • WIPO sector: Electrical engineering

Abstract

Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.