US 12,309,236 B1
Analyzing log data from multiple sources across computing environments
Timothy B. Frazier, Jr., Hixson, TN (US); Mary L. Singh, Arlington, VA (US); Ian C. Richardson, Boston, MA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Jun. 29, 2022, as Appl. No. 17/853,002.
Application 17/853,002 is a continuation in part of application No. 17/504,311, filed on Oct. 18, 2021, granted, now 11,677,772.
Application 17/504,311 is a continuation of application No. 16/665,961, filed on Oct. 28, 2019, granted, now 11,153,339, issued on Oct. 19, 2021.
Application 16/665,961 is a continuation of application No. 16/134,794, filed on Sep. 18, 2018, granted, now 10,581,891, issued on Mar. 3, 2020.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Claims priority of provisional application 63/241,966, filed on Sep. 8, 2021.
Claims priority of provisional application 63/239,248, filed on Aug. 31, 2021.
Claims priority of provisional application 63/234,921, filed on Aug. 19, 2021.
Claims priority of provisional application 63/231,953, filed on Aug. 11, 2021.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 67/50 (2022.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 43/045 (2022.01); H04L 67/306 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 67/535 (2022.05) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); G06F 16/2456 (2019.01)]
18 Claims
1. A method of analyzing log data, the method comprising:
receiving, by a first computing system, log data associated with one or more computing systems in a cloud computing environment, the log data being generated by one or more log data generators in the cloud computing environment;
generating, by the first computing system, at least one interactive graph of logical entities of the cloud computing environment, wherein nodes of the at least one interactive graph represent the logical entities and edges of the interactive graph represent behavioral relationships between the logical entities;
detecting, by the first computing system, an anomaly based at least in part on the at least one interactive graph of logical entities;
ranking a criticality for the anomaly based at least in part on a first context of a compute asset of the cloud computing environment;
providing, by the first computing system, an alert describing the anomaly and the criticality in response to detecting the anomaly; and
reordering the at least one interactive graph of logical entities based at least in part on a second context of the compute asset of the cloud computing environment.