Method of threat detection in a computer network security system

摘要

A method comprising: receiving raw data related to one or more network nodes, wherein dissimilar data types are aligned as input events; filtering one or more of the input events by using an adjustable threshold that is based on a filtering score, wherein the filtering score is an estimate of the likelihood that the input event is followed by a security related detection; processing only input events passed through the filtering by an enrichment process; and analysing the data received from the enrichment process for generating a security related decision.