Abstract: A custom use case framework in a computer analytics system is shown and described. The custom use case framework includes a custom model creation wizard interface that guides a user through submitting custom model parameters of a custom model definition. The computing system transforms custom model parameters of the custom model definition into a custom model. The custom model is executed in an analytics system. Thus, one or more embodiments provide a simplified method for a user to generate a custom model that is executable by a computer system.

Abstract: A custom use case framework in a computer analytics system is shown and described. The custom use case framework includes a custom model creation wizard interface that guides a user through submitting custom model parameters of a custom model definition. The computing system transforms custom model parameters of the custom model definition into a custom model. The custom model is executed in an analytics system. Thus, one or more embodiments provide a simplified method for a user to generate a custom model that is executable by a computer system.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more graphical controls enabling a user to define attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on interaction by a user with the one or more graphical controls, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more first graphical controls enabling a user to define a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes causing display of one or more second graphical controls enabling a user to define an action to take with respect to the anomaly action rule. The method further includes generating the anomaly action rule based on interaction by a user with the one or more first and second graphical controls, wherein the anomaly action rule causes performance of the action upon detecting an anomaly that satisfies the anomaly action rule.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving user input defining attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on the user input, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving first user input defining a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes receiving second user input defining an action of the anomaly action rule. The method further includes generating the anomaly action rule based on the first user input and the second user input, wherein the anomaly action rule causes performance of the action upon detecting an anomaly on the computer network that satisfies the anomaly action rule.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving first user input defining a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes receiving second user input defining an action of the anomaly action rule. The method further includes generating the anomaly action rule based on the first user input and the second user input, wherein the anomaly action rule causes performance of the action upon detecting an anomaly on the computer network that satisfies the anomaly action rule.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more first graphical controls enabling a user to define a filter of an anomaly action rule, the filter defining at least one of an attribute of an anomaly or an attribute of a computer network entity. The method also includes causing display of one or more second graphical controls enabling a user to define an action to take with respect to the anomaly action rule. The method further includes generating the anomaly action rule based on interaction by a user with the one or more first and second graphical controls, wherein the anomaly action rule causes performance of the action upon detecting an anomaly that satisfies the anomaly action rule.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more graphical controls enabling a user to define attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on interaction by a user with the one or more graphical controls, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving user input defining attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on the user input, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.