CPC G06F 16/285 (2019.01) [G06F 16/2379 (2019.01)] | 17 Claims
1. A system for correlating event data on electronic data logs for monitored events on a network, the system comprising:
at least one network communication interface;
at least one non-transitory storage device; and
at least one processing device coupled to the at least one non-transitory storage device and the at least one network communication interface, wherein the at least one processing device is configured to:
continuously monitor stored data on one or more entity resources;
analyze, via an edge computing device, data from a data repository and determine that a transaction from a specific user account is initiated at or near a time of an encryption event, and log the data as a transaction event;
identify at least a first event and a second event other than the transaction event associated with at least one entity resource of the one or more entity resources;
store the first event and the second event in at least a first log and a second log;
based on metadata of the first event and the second event, correlate the first event and second event to generate a correlated event log;
receive multiple correlated event logs on an upstream entity resource, wherein the upstream entity resource and a downstream entity resource are defined by concentric boundaries between the upstream entity resource and the downstream entity resource based on a number of data hops between the upstream entity resource and a central network being less than a number of data hops between the downstream entity resource and the central network; and
perform a meta-correlation of the correlated event logs to generate an upstream correlated event log, wherein the meta-correlation further comprises the edge computing device identifying a correlation of two or more data points or logged events to infer that an additional event has occurred.