1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for detecting anomaly events in near real time in computer networks.
2. Description of the Background Art
Events in a computer network may be stored and analyzed to detect security events, such as leakage of sensitive data and unauthorized access to the computer network. Unfortunately, analyzing logged events takes time and is relatively complex because of the large volume of data associated with the events. As a result, most security events cannot be identified until a long time after the security event has taken place.