| CPC G06F 21/6218 (2013.01) [G06F 3/0482 (2013.01); G06F 21/577 (2013.01); G06F 2221/2101 (2013.01)] | 20 Claims |
|
1. A method, comprising:
receiving one or more event logs;
analyzing the one or more event logs using a plurality of models to detect one or more anomalous events; and
providing a graphical representation of risk entities associated with at least one of the one or more detected anomalous events, wherein providing the graphical representation includes:
providing in the graphical representation a visual representation of automatically detected relationships between the risk entities associated with the at least one of the one or more detected anomalous events including by providing a first plurality of graphical user interface items corresponding to the risk entities associated with a first detected anomalous event, wherein a first graphical user interface item included in the first plurality of graphical user interface items corresponds to a first risk entity of the risk entities, wherein the first graphical user interface item indicates which model of the plurality of models detected the at least one of the one or more detected anomalous events to be anomalous, wherein the first graphical user interface item is graphically linked to one or more other graphical user interface items of the first plurality of graphical user interface items, wherein the one or more other graphical user interface items correspond to one or more other risk entities of the risk entities associated with the first detected anomalous event; and
providing a corresponding indication of a measure of anomaly associated with the at least one of the one or more detected anomalous events for the risk entities associated with the at least one of the one or more detected anomalous events.
|