MANAGING INCIDENT RESPONSE OPERATIONS BASED ON MONITORED NETWORK ACTIVITY
Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network tra...
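Main authors: | Wu, Xue Jun; Deaguero, Joel Benjamin; Kelly, Michael Christopher; Driggs, Edmund Hope; Montague, Michael Kerber Krause; Braun, Nicholas Jordan |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online access: | Order full text |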
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Wu, Xue Jun; Deaguero, Joel Benjamin; Kelly, Michael Christopher; Driggs, Edmund Hope; Montague, Michael Kerber Krause; Braun, Nicholas Jordan |
description | Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation. |
format | Patent |
fulltext | fulltext_linktorsrc |
identifier | |
ispartof | |
issn | |
language | eng |
recordid | cdi_epo_espacenet_US2021044608A1 |
source | esp@cenet |
subjects | CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; PHYSICS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION |
title | MANAGING INCIDENT RESPONSE OPERATIONS BASED ON MONITORED NETWORK ACTIVITY |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T09%3A37%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Wu,%20Xue%20Jun&rft.date=2021-02-11&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2021044608A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |