Rating threat submitter
Abstract
Example embodiments disclosed herein relate to updating a rating of threat submitters. Information about threat observables is received from threat submitters. Information about the threat observables is provided to one or more entities. Feedback about a threat observable is received from one of the entities. A rating of the threat submitter associated with the feedback is updated.
20 Claims
1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:
receive information about a threat observable from a threat submitter device via a network, wherein the threat observable is detected by the threat submitter device;
provide threat data about the threat observable to a plurality of participant devices in a threat exchange system;
receive usage information from at least one participant device of the plurality of participant devices about the threat data, the usage information generated by rules-based automation of the at least one participant device and indicating a usage of the threat data by the at least one participant device; and
update, by a rating engine, a rating of the threat submitter device based on the received usage information generated by the rules-based automation of the at least one participant device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method comprising:
receiving, by a threat management device, threat observable information about a threat observable from a threat submitter device via a network, wherein the threat observable is detected by the threat submitter device;
providing, by the threat management device, the threat observable information to a plurality of participant devices in a threat exchange system;
receiving, by the threat management device, usage information from at least one participant device of the plurality of participant devices about the threat observable information, the usage information automatically generated by the at least one participant device and indicating a usage of the threat observable information by the at least one participant device;
updating, by a rating engine of the threat management device, a rating for the threat submitter device based on the usage information received from the at least one participant device, wherein the updated rating represents a confidence that the threat submitter device is submitting useful threat data based on an analysis of the usage information received from the at least one participant device;
receiving, by the threat management device, other threat observable information about another threat observable from the threat submitter device;
determining, by the threat management device, a threat score for the other threat observable based at least in part on the updated rating for the threat submitter device.
Dependent claims: 11, 12, 19, 20

13. A computing system comprising:
a processor;
a communication engine executed by the processor to receive threat data from a threat submitter device via a network;
a score engine executed by the processor to score the threat data for at least one participant device in a threat exchange system, wherein the communication engine is further to provide the score to the at least one participant device;
wherein the communication engine is further to receive usage information of the threat data, the usage information automatically generated by the at least one participant device and indicating a usage of the threat data by the at least one participant device;
a rating engine executed by the processor to update a rating for the threat submitter device based on the usage information generated by the rules-based automation of the at least one participant device.
Dependent claims: 14, 15, 16, 17, 18
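The feedback loop of claim 10 (usage reports update the submitter rating, and the rating then weights the score of that submitter's next observable) can be sketched as follows. This is an added illustration, not code from the patent: the claims give no formula, so the event names, their weights, the smoothed-ratio rating, the one-report-per-participant rule and the `ThreatExchange` class are all assumptions.

```python
from collections import defaultdict

# Assumed event names and (useful, not_useful) weights; the claims define neither.
USAGE_EVIDENCE = {
    "blocked": (1.0, 0.0),         # a participant rule acted on the threat data
    "false_positive": (0.0, 1.0),  # a participant rule flagged the data as wrong
}

class ThreatExchange:
    def __init__(self):
        self.useful = defaultdict(float)      # submitter -> positive evidence
        self.not_useful = defaultdict(float)  # submitter -> negative evidence
        self.owner = {}                       # observable -> submitter
        self.seen = set()                     # (participant, observable) already counted

    def rating(self, submitter):
        """Confidence in [0, 1]; with no feedback the assumed prior gives 0.5."""
        u, n = self.useful[submitter], self.not_useful[submitter]
        return (u + 1.0) / (u + n + 2.0)

    def submit(self, submitter, observable, base_severity):
        """Record who submitted the observable; score it using the current rating."""
        self.owner[observable] = submitter
        return round(base_severity * self.rating(submitter), 3)

    def report_usage(self, participant, observable, event):
        """Fold one automated usage report into the submitter's rating."""
        key = (participant, observable)
        if observable not in self.owner or event not in USAGE_EVIDENCE or key in self.seen:
            return False  # unknown observable or event, or a repeat from this participant
        self.seen.add(key)
        u, n = USAGE_EVIDENCE[event]
        self.useful[self.owner[observable]] += u
        self.not_useful[self.owner[observable]] += n
        return True

def demo():
    """Constructed data: documentation-range IPs, made-up submitter and participant names."""
    ex = ThreatExchange()
    scores = {"a_first": ex.submit("sub-a", "198.51.100.7", 8.0)}
    ex.submit("sub-b", "192.0.2.44", 8.0)
    for participant in ("p1", "p2", "p2"):  # the second p2 report is ignored
        ex.report_usage(participant, "198.51.100.7", "blocked")
    for participant in ("p1", "p2", "p3"):
        ex.report_usage(participant, "192.0.2.44", "false_positive")
    scores["a_next"] = ex.submit("sub-a", "203.0.113.9", 8.0)
    scores["b_next"] = ex.submit("sub-b", "203.0.113.10", 8.0)
    return scores
```

Counting each participant once per observable keeps a single noisy or compromised participant from moving a submitter's rating on its own.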
Specification