Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: A website anomaly test is performed by automatically checking that a website has not been compromised by malicious code. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts.

Abstract: This document generally describes computer systems, processes, program products, and devices for the rapid and automated collection, storage, and analysis of network events to provide improved and enhanced security analysis. The system can include an extensible framework for pipelines to process, normalize, and decorate network events created in response to network activity, which can permit the system to readily scale up and down to ingest large volumes and variations in network activity. For example, pipeline can match data in the network events with stored Indicators of Compromise (IoCs) and decorate the network events with the IoCs before the network events are stored and subsequently analyzed.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. Instead of merely analyzing static code of a website, the system automatically tests the website in their runtime environments for the presence of malicious third party scripts.

Abstract: A plurality of network sensors are configured to sense the operations of a data network and, responsive to sensing the operations of the data network, generate event data objects that record the operations of the data network. One or more decorator pipelines are configured to decorate the event data objects with data other than from operations of the data network. A security frontend is configured to generate a graphical user interface (GUI) configured to provide, to a user, query-authoring tools, receiving a query in a structured language, provide responsive to receiving the query, results to the query from historic event data that was decorated before the query was received, receive approval for the query, and later execute the query on new event data that has been decorated after the approval for the query is received.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: A website anomaly test is performed by automatically checking that a website has not been compromised by malicious code. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts.

Abstract: This document generally describes computer systems, processes, program products, and devices for the rapid and automated collection, storage, and analysis of network events to provide improved and enhanced security analysis. The system can include an extensible framework for pipelines to process, normalize, and decorate network events created in response to network activity, which can permit the system to readily scale up and down to ingest large volumes and variations in network activity. For example, pipeline can match data in the network events with stored Indicators of Compromise (IoCs) and decorate the network events with the IoCs before the network events are stored and subsequently analyzed.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. Instead of merely analyzing static code of a website, the system automatically tests the website in their runtime environments for the presence of malicious third party scripts.

Abstract: A plurality of network sensors are configured to sense the operations of a data network and, responsive to sensing the operations of the data network, generate event data objects that record the operations of the data network. One or more decorator pipelines are configured to decorate the event data objects with data other than from operations of the data network. A security frontend is configured to generate a graphical user interface (GUI) configured to provide, to a user, query-authoring tools, receiving a query in a structured language, provide responsive to receiving the query, results to the query from historic event data that was decorated before the query was received, receive approval for the query, and later execute the query on new event data that has been decorated after the approval for the query is received.