首页>
外国专利>
Identifying threat indicators by processing multiple anomalies
Identifying threat indicators by processing multiple anomalies
展开▼
机译:通过处理多个异常来识别威胁指标
展开▼
页面导航
摘要
著录项
相似文献
摘要
Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
展开▼