Splunk Inc.
User interface for defining custom threat rules in a network security system

Abstract:

The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more graphical controls enabling a user to define attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on interaction by a user with the one or more graphical controls, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.