Splunk Inc.
Enabling user definition of custom threat rules in a network security system
Abstract:
The disclosed embodiments include a method performed by a computer system. The method includes receiving user input defining attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on the user input, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.
Status:
Grant
Type:
Utility
Filing date:
30 Apr 2017
Issue date:
26 Jan 2021