Splunk Inc.
User interface for defining anomaly action rules in a network security system

Abstract:

The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more first graphical controls enabling a user to define a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes causing display of one or more second graphical controls enabling a user to define an action to take with respect to the anomaly action rule. The method further includes generating the anomaly action rule based on interaction by a user with the one or more first and second graphical controls, wherein the anomaly action rule causes performance of the action upon detecting an anomaly that satisfies the anomaly action rule.