Cybersecurity incident detection systems and techniques

摘要

Behavioral baselines for a computer system may be accurately and efficiently established by (1) monitoring occurrences on the computer system, (2) determining, based on security rules or heuristics, which of the observed occurrences are associated with potential security risks, (3) identifying patterns of activity based on the suspicious occurrences, and (4) prompting a user to indicate whether the observed patterns of suspicious activity are expected or unexpected. Behavior baselines established in this manner can then be used to differentiate between expected and unexpected patterns of activity on the computer system.