Embodiments of the present disclosure generally related to analysis and triage of data items, and specifically to analysis and triage of suspected malware-related data items.
Detection of the presence of malware and/or other malicious activity occurring on a network is a highly important, but oftentimes challenging task. Detection of malware and malicious activity is of particular importance to organizations (for example, businesses) that maintain internal networks of computing devices that may be connected to various external networks of computing devices (for example, the Internet) because infection of a single computing device of the internal network may quickly spread to other computing devices of the internal network and may result in significant data loss and/or financial consequences.
Detection of the presence of malware and/or malicious activity on a monitored network may be performed through the examination of activity occurring on a monitored network over time. Previously, determination and identification of malware or malicious activity through the examination of network activity was a labor intensive task. For example, an analyst may have had to pore through numerous tracking logs and other information of the monitored network, manually discern patterns and perform analyses to gain additional context, and compile any information gleaned from such analyses.