Unstructured security threat information analysis
First Claim
1. A system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
- receiving unstructured textual data;
- parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
- for each section in the plurality of sections;
  - identifying one or more keywords in data for the section in the plurality of sections;
  - determining one or more patterns that match the section using the identified one or more keywords; and
  - identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
- associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
- associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the first intelligence type is the particular intelligence type; and
- providing the data for the first section to a system of the third party.
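The claimed steps as an added Python example (not code from the patent): sections are split on blank lines, and the keyword sets, pattern names, intelligence types and recipient rules are all assumptions chosen for illustration. A section that matches no pattern gets no intelligence type and is never provided to a third party.

```python
import re

# Assumed pattern table: a pattern matches when all of its keywords occur in a
# section, and maps to one intelligence type. Names are illustrative only.
PATTERNS = {
    "vuln_advisory": ({"vulnerability", "patch"}, "vulnerability"),
    "malware_report": ({"malware", "hash"}, "malware"),
    "phishing_notice": ({"phishing", "email"}, "phishing"),
}
KEYWORDS = set().union(*(kw for kw, _ in PATTERNS.values()))

# Assumed rules: which intelligence types each third party should receive.
RULES = {"soc-partner": {"malware"}, "patch-team": {"vulnerability"}}

def parse_sections(text):
    """Split unstructured text into sections on blank lines."""
    return [s.strip() for s in re.split(r"\n\s*\n", text) if s.strip()]

def classify(section):
    """Keywords -> matching patterns -> intelligence types for one section."""
    words = set(re.findall(r"[a-z]+", section.lower()))
    found = words & KEYWORDS
    matched = [name for name, (kw, _) in PATTERNS.items() if kw <= found]
    return sorted({PATTERNS[name][1] for name in matched})

def structure(text):
    """Associate each section's data with its intelligence types."""
    return [{"data": s, "types": classify(s)} for s in parse_sections(text)]

def route(records, rules=RULES):
    """Return {third_party: [section data]} according to the rules."""
    out = {party: [] for party in rules}
    for rec in records:
        for party, wanted in rules.items():
            if wanted & set(rec["types"]):
                out[party].append(rec["data"])
    return out

# Constructed sample input (not from the patent).
SAMPLE = """A new vulnerability in ExampleServer allows remote access. Apply the vendor patch.

Analysts observed malware dropped by the loader; the file hash is listed in the appendix.

The quarterly meeting is moved to Thursday."""

if __name__ == "__main__":
    for party, items in route(structure(SAMPLE)).items():
        print(party, "->", items)
```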
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.
20 Claims
1. A system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
- receiving unstructured textual data;
- parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
- for each section in the plurality of sections;
  - identifying one or more keywords in data for the section in the plurality of sections;
  - determining one or more patterns that match the section using the identified one or more keywords; and
  - identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
- associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
- associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the first intelligence type is the particular intelligence type; and
- providing the data for the first section to a system of the third party.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving unstructured textual data;
- parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
- for each section in the plurality of sections;
  - identifying one or more keywords in data for the section in the plurality of sections;
  - determining one or more patterns that match the section using the identified one or more keywords; and
  - identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
- associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
- associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the first intelligence type is the particular intelligence type; and
- providing the data for the first section to a system of the third party.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer-implemented method comprising:
- receiving unstructured textual data;
- parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
- for each section in the plurality of sections;
  - identifying one or more keywords in data for the section in the plurality of sections;
  - determining one or more patterns that match the section using the identified one or more keywords; and
  - identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
- associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
- associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the first intelligence type is the particular intelligence type; and
- providing the data for the first section to a system of the third party.

Dependent claims: 18, 19, 20
Specification