Time Series Analysis

This article describes the overview and benefits of implementing time series analysis over multiple signals, along with use cases that empower you to identify anomalies in the IT infrastructure.

Uncover Hidden Trends with Time Series Analysis

Time Series Analysis empowers you to quickly identify hidden trends, patterns, and anomalies in your security data by analyzing signals over time. This feature helps you investigate potential threats with the following functionalities:

Aggregate Insights

Gain a comprehensive overview: This section provides a summary of all data points associated with your signals within the selected time-frame.

Filter and Focus: Each metadata field/dimension is displayed with its respective count. You can apply filters to specific metadata values to focus your analysis on relevant data sets.

Example: The signal metadata 'principal.userid' provides the number of times each user appears in the signals under analysis. This can be used to identify potential outliers, such as users appearing in an unusually high number of Signals

Time Series Plot

Visualize Trends: This section displays a time series plot of the signals over the selected date range.

Interactive plot: Hovering over specific points on the plot reveals a tool tip displaying the distribution of the metadata values for the point in time.

Example: Hovering over specific points reveals a pop-up window showing the distribution of various data points contributing to the signal count at that time.

Axes Plot

Uncover Specific Trends: Map any data point onto the time series plot to see how its associated signal volume changes over time.

Visualize trends: By selecting a specific metadata value, you can see how the number of signals associated with that value changes over time. This helps you identify periods of increased activity for specific users, devices, or other relevant metadata categories.

Example: You can map the network.dns_domain metadata onto the plot to see how the number of signals related to a particular domain fluctuates over time. This can be helpful in identifying potential spikes in suspicious domain activity.

Combining these functionalities, Time Series Analysis empowers you to:

• Identify trends and anomalies: Uncover recurring patterns or unusual changes in signal behavior over time.
• Focus investigations: Prioritize investigations based on user activity, specific events, or other relevant metadata.
• Gain deeper understanding: Contextualize individual signals by understanding their historical trends and relationships with other data points.

By leveraging Time Series Analysis, you can gain valuable insights into your security data, enabling you to proactively identify and mitigate potential threats.