Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract: A computer-implemented method, computer program product and computing system for: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining if the client responded to the one or more security events within the computing platform; and providing a response report to the client that quantifies client response performance based, at least in part, upon if the client responded to the one or more security events within the computing platform.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract: Methods and apparatus are disclosed to automatically timestamp events within streaming machine data. The streaming machine data is broken into a set of events using breaking rules. Each event can be analyzed by iterating over own time stamp format patterns from a list of known time stamp format patterns to determine whether a matching pattern exists in the event. When an individual event broken out from the streaming machine data includes time information according to at least one known time stamp format pattern of the list of known time stamp format patterns, a timestamp can be created for the event by extracting a time value from event ng the matching pattern determined to exist in the event.

Abstract: A computer-implemented method, computer program product and computing system for: defining a threat mitigation platform for a client, wherein the threat mitigation platform includes a plurality of threat detection capability modules; defining a rollout schedule for at least a portion of the plurality of threat detection capability modules; and presenting the rollout schedule to the client.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a unified query on a unified platform concerning the plurality of security-relevant subsystems; denormalizing the unified query to define a subsystem-specific query for each of the plurality of security-relevant subsystems, thus defining a plurality of subsystem-specific queries; and providing the plurality of subsystem-specific queries to the plurality of security-relevant subsystems.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; and mapping one or more data fields of a unified platform to one or more data fields of each of the plurality of security-relevant subsystems.

Abstract: A computer-implemented method, computer program product and computing system for: defining a threat mitigation platform for a client, wherein the threat mitigation platform includes a plurality of threat detection capability modules; defining a rollout schedule for at least a portion of the plurality of threat detection capability modules; and presenting the rollout schedule to the client.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a plurality of subsystem-specific queries on a unified platform concerning the plurality of security-relevant subsystems, wherein one or more of the plurality of subsystem-specific queries has a defined execution schedule; and providing the plurality of subsystem-specific queries to the plurality of security-relevant subsystems.

Abstract: A computer-implemented method, computer program product and computing system for: a computer-implemented method is executed on a computing device and includes: obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; and executing a response script based, at least in part, upon the event type.

Abstract: Methods and apparatus are disclosed to automatically timestamp events within streaming machine data. The streaming machine data is broken into a set of events using breaking rules. Each event can be analyzed by iterating over own time stamp format patterns from a list of known time stamp format patterns to determine whether a matching pattern exists in the event. When an individual event broken out from the streaming machine data includes time information according to at least one known time stamp format pattern of the list of known time stamp format patterns, a timestamp can be created for the event by extracting a time value from event ng the matching pattern determined to exist in the event.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; and mapping one or more data fields of a unified platform to one or more data fields of each of the plurality of security-relevant subsystems.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a specific task to be executed on one or more of the plurality of security-relevant subsystems, thus defining one or more target security-relevant subsystems; commissioning a container-based job within which the specific task will be executed; and executing the specific task within the container-based job.