Systems and methods for detecting network security threat event patterns
US10771486B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 25, 2017 |
| Grant date | Sep 8, 2020 |
| Priority date | — |
| Expiry date | Jan 11, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06T2200/24
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Techniques and mechanisms are disclosed for a data intake and query system to generate “meta-notable” events by applying a meta-notable event rule to a collection of notable event data. A meta-notable event rule specifies one or more patterns of notable event instances defined by a set of notable event states and a set of transition rules (also referred to as association rules) indicating conditions for transitioning from one notable event state to another. The set of notable event states includes at least one start state and at least one end state. A meta-notable event is generated when a set of analyzed notable events satisfies a set of transition rules linking a start state to an end state (including transitions through any intermediary states between the start state and the end state).
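The following added example (not taken from the patent) models a meta-notable event rule as a set of states plus transition rules and evaluates it over constructed notable events. The event names, the same-host and time-window transition conditions, and all identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Notable:                 # one notable event instance
    ts: int                    # seconds (constructed values)
    name: str                  # hypothetical notable event name
    host: str

@dataclass(frozen=True)
class Transition:              # transition rule between two notable event states
    src: str
    dst: str
    max_gap: int               # assumed condition: same host, dst within max_gap s of src

# Hypothetical meta-notable event rule; states are keyed by notable event name.
RULE = {
    "start": {"brute_force"}, "end": {"data_exfil"},
    "transitions": [
        Transition("brute_force", "priv_escalation", 3600),
        Transition("priv_escalation", "data_exfil", 7200),
        Transition("brute_force", "data_exfil", 1800),
    ],
}
# Constructed sample data, not real detections.
EVENTS = [
    Notable(1000, "brute_force", "web01"),
    Notable(1900, "priv_escalation", "web01"),
    Notable(2500, "data_exfil", "web01"),
    Notable(1200, "brute_force", "db02"),
    Notable(9000, "data_exfil", "db02"),        # outside the 1800 s window
    Notable(3000, "priv_escalation", "app03"),  # intermediate state with no start
]

def find_meta_notables(events, rule):
    """Return every chain of notable events linking a start state to an end state."""
    partial, found = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        extended = [[ev]] if ev.name in rule["start"] else []
        for chain in partial:
            last = chain[-1]
            for t in rule["transitions"]:
                if ((t.src, t.dst, last.host) == (last.name, ev.name, ev.host)
                        and 0 <= ev.ts - last.ts <= t.max_gap):
                    extended.append(chain + [ev])
        for chain in extended:
            (found if chain[-1].name in rule["end"] else partial).append(chain)
    return found
```

Each returned chain corresponds to one meta-notable event. Open chains are never expired here, so a long-running deployment would also need to prune chains whose time windows have passed.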
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.