Correcting timestamps for computer security telemetry data

Assignee

• Chronicle LLC · US

Inventors

• Abu Wawda · Cupertino, US
• Tushar Dhoot · Seattle, US
• Kai Boon Ee · Sunnyvale, US
• Charles Spirakis · Santa Clara, US
• Tali Leora Eban · Sunnyvale, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/306
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for correcting timestamps in computer security telemetry data. A method includes: receiving, at a computer network security data analysis system, first log data identifying a plurality of first events occurring on a computer network, the first log data including, for each first event, a respective first timestamp identifying when the first event occurred, the first timestamp including a first hour value, a first minute value, and a first second value; and generating first modified log data, the first modified log data including, for each first event, a first modified timestamp including the first minute value and the first second value from the log data and a first modified hour value that represents an hour value from a current time at which the first log data was received at the computer network security data analysis system.