US 12,206,693 B1
Graph-based detection of network security issues
Georgios Apostolopoulos, San Jose, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on May 16, 2022, as Appl. No. 17/745,482.
Application 17/745,482 is a continuation of application No. 16/828,812, filed on Mar. 24, 2020, granted, now 11,343,268.
Application 16/828,812 is a continuation of application No. 16/219,852, filed on Dec. 13, 2018, granted, now 10,609,059, issued on Mar. 31, 2020.
Application 16/219,852 is a continuation of application No. 15/419,959, filed on Jan. 30, 2017, granted, now 10,205,735, issued on Feb. 12, 2019.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 16/901 (2019.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 16/9024 (2019.01)]
20 Claims
 
1. A method comprising:
accessing a relationship graph in which entities associated with an information technology network are represented as nodes and relationships among the nodes are represented as links;
assigning the nodes in the relationship graph to groups to form a plurality of groups, each group of the plurality of groups including nodes associated with activities that occurred within a same unit of time;
constructing links between nodes across different groups of the plurality of groups, to form a chain of linked nodes, the chain of linked nodes forming a component;
computing a score for the component, wherein the score is indicative of a level of interest associated with nodes attached to a given link, and wherein each node had been assigned an anomaly score from a previous data analytic stage;
identifying the component for security scrutiny based on the computed score; and
performing a network security related action on the identified component.
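The steps of claim 1 can be followed on a small data set. The sketch below is an added illustration, not code from the patent or from any Splunk or Cisco product. The claim does not specify the choices made here, so they are assumptions: a one-day time unit, a rule that links nodes in consecutive days when they share an entity, a component score equal to the sum of node anomaly scores, a threshold of 2.0, and all sample data.

```python
from collections import defaultdict
DAY = 86400  # assumed unit of time: one day
# Constructed sample nodes: (node_id, entity, epoch_ts, anomaly score from an earlier stage)
NODES = [
    ("n1", "user:alice", 0 * DAY + 100, 0.7),
    ("n2", "host:db01",  0 * DAY + 200, 0.2),
    ("n3", "user:alice", 1 * DAY + 50,  0.8),
    ("n4", "host:db01",  1 * DAY + 900, 0.6),
    ("n5", "user:alice", 2 * DAY + 10,  0.9),
    ("n6", "user:bob",   2 * DAY + 500, 0.3),
    ("n7", "user:bob",   5 * DAY + 500, 0.4),
]
LINKS = [("n1", "n2"), ("n3", "n4")]  # constructed same-day relationship links

def group_by_time(nodes, unit=DAY):
    # Assign each node to the group for the time unit its activity fell in.
    groups = defaultdict(list)
    for node_id, entity, ts, _ in nodes:
        groups[ts // unit].append((node_id, entity))
    return dict(groups)

def cross_group_links(groups):
    """Assumed rule: link nodes in consecutive time units that share an entity."""
    out = []
    for t in sorted(groups):
        for a, ent_a in groups[t]:
            for b, ent_b in groups.get(t + 1, []):
                if ent_a == ent_b:
                    out.append((a, b))
    return out

def components(nodes, links):
    # Union-find over all links; each resulting set is one component.
    parent = {n[0]: n[0] for n in nodes}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in links:
        parent[find(a)] = find(b)
    comps = defaultdict(set)
    for n in parent:
        comps[find(n)].add(n)
    return list(comps.values())

def flag_components(nodes=NODES, links=LINKS, threshold=2.0):
    # Assumed scoring: sum of per-node anomaly scores; flag at or above threshold.
    score = {n[0]: n[3] for n in nodes}
    chain = cross_group_links(group_by_time(nodes))
    scored = [(round(sum(score[n] for n in c), 2), sorted(c))
              for c in components(nodes, links + chain)]
    return sorted(s for s in scored if s[0] >= threshold)
```

With the sample data, the alice and db01 activity on days 0 to 2 chains into one component that crosses the threshold, while bob's two nodes stay separate because their days are not consecutive.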