Dynamic security events and event channels in a network security system

摘要

A query for security event can be represented as an event channel. The event channel may be displayed as a grid of events. In one embodiment, the events included in the event channel are dynamic and can change after initial observation. In one embodiment, the present invention includes creating an event channel defined by a timeframe and an event filter, the event channel including security events stored in an event database that satisfy the timeframe and the event filter. When a security event changes after the event channel has been created, one embodiment of the invention further includes observing a change to a security event stored in the event database, and dynamically updating the event channel based on the observed change.