公开(公告)号：US20210194896A1

公开(公告)日：2021-06-24

申请号：US16725819

申请日：2019-12-23

Applicant: salesforce.com, inc.

Inventor： John Seymour ,  Anuj Gargeya Malkapuram ,  Prashant Dwarkadas Agrawal

IPC: H04L29/06 ,  G06F11/30 ,  G06F11/32

Abstract: Techniques are disclosed relating to reporting for network events within a computer network. A computer system may access a set of data corresponding to a particular network event within a computer network, where the set of data includes captured attributes of the particular network event. The computer system may then calculate, using the set of data, a security score indicative of suspiciousness of the event and an actionability score that is based on an extent to which of a particular group of attributes are missing from the set of data. The computer system may determine, based on the two scores, a combined score for the event. The computer system may then report a notification for the event, based on the combined score. Such techniques may decrease a number of reported events for a network, which may advantageously allow resources to be focused on a smaller set of events.

公开(公告)号：US11637841B2

公开(公告)日：2023-04-25

申请号：US16725819

申请日：2019-12-23

Applicant: salesforce.com, inc.

Inventor： John Seymour ,  Anuj Gargeya Malkapuram ,  Prashant Dwarkadas Agrawal

IPC: H04L29/06 ,  H04L9/40 ,  G06F11/32 ,  G06F11/30

Abstract: Techniques are disclosed relating to reporting for network events within a computer network. A computer system may access a set of data corresponding to a particular network event within a computer network, where the set of data includes captured attributes of the particular network event. The computer system may then calculate, using the set of data, a security score indicative of suspiciousness of the event and an actionability score that is based on an extent to which of a particular group of attributes are missing from the set of data. The computer system may determine, based on the two scores, a combined score for the event. The computer system may then report a notification for the event, based on the combined score. Such techniques may decrease a number of reported events for a network, which may advantageously allow resources to be focused on a smaller set of events.