Systems and methods for automated retrieval, processing, and distribution of cyber-threat information
First Claim
1. A cyber-threat network device for automated processing of cyber-threat information, comprising:
- a network adapter configured to receive:
  - first cyber-threat information in a first format from an internal cyber-threat information source over a private network, the internal cyber-threat information source comprising a network component of an entity system, the network component being configured to provide, using an Application Program Interface (API) exposed by the network component, at least a portion of the first cyber-threat information; and
  - second cyber-threat information in a second format from an external cyber-threat information source over an external network;
- at least one processor configured to perform operations comprising:
  - filtering the first cyber-threat information and the second cyber-threat information by applying exclusion criteria to exclude, from further processing, the received cyber-threat information that satisfies the exclusion criteria;
  - processing the filtered first cyber-threat information and the filtered second cyber-threat information into processed cyber-threat information in a standard format, the standard format comprising:
    - a first data marking indicating a categorization of the first cyber-threat information and the second cyber-threat information;
    - a second data marking indicating an expiration of the first cyber-threat information and the second cyber-threat information; and
    - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information and the second cyber-threat information;
  - extracting, from the first cyber-threat information and the second cyber-threat information, information identifying the processed cyber-threat information based on stored identification criteria;
  - enforcing policy rules specifying at least one of:
    - a user authorized to access the processed cyber-threat information;
    - a type of processed cyber-threat information that may be accessed;
    - methods of access to the processed cyber-threat information; or
    - permissible uses of accessed items of the processed cyber-threat information;
  - automatically instructing the network component of the entity system to reconfigure the network component in response to the processed cyber-threat information; and
  - distributing the processed cyber-threat information in the standard format to a distributor using an API exposed by the distributor.
Abstract
Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information in second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device. The cyber-threat device may automatically report information concerning the processed items of cyber-threat information to a device of a user with a reporting component of the cyber-threat device.
19 Claims
- 1. Independent claim; its full text is given under First Claim above. View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- 15. A cyber-threat network device for automated processing of cyber-threat information, comprising:
  - a network adapter configured to receive:
    - first cyber-threat information in a first format from an internal cyber-threat information source over a private network, the internal cyber-threat information source comprising a network component of an entity system, the network component configured to provide, using an Application Program Interface (API) exposed by the network component, at least some of the first cyber-threat information; and
    - second cyber-threat information in a second format from an external cyber-threat information source over an external network;
  - at least one processor configured to perform operations comprising:
    - filtering the first cyber-threat information and the second cyber-threat information by applying exclusion criteria to exclude, from further processing, the received cyber-threat information that satisfies the exclusion criteria;
    - processing the filtered first cyber-threat information and the filtered second cyber-threat information into processed cyber-threat information in a standard format, the standard format comprising:
      - a first data marking that indicates a categorization of the first cyber-threat information and the second cyber-threat information;
      - a second data marking indicating an expiration of the first cyber-threat information and the second cyber-threat information; and
      - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information and the second cyber-threat information;
    - automatically generating reports using the first cyber-threat information and the second cyber-threat information;
    - automatically instructing the network component of the entity system to reconfigure a configuration of the network component in response to the processed cyber-threat information; and
    - distributing the processed cyber-threat information in the standard format to a distributor using an API exposed by the distributor; and
  - a non-transitory memory configured to store the first cyber-threat information, the second cyber-threat information, and the processed cyber-threat information.

  View Dependent Claims (16, 17, 18, 19)
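Below is an added Python sketch (not code from the patent or its assignee) of the pipeline both independent claims describe: exclusion-criteria filtering, normalization of the two source formats into a standard record carrying a categorization marking, an expiration marking and detection/remediation context, and enforcement of policy rules before distribution. The sample records, the excluded networks, the retention periods and the role policy are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample records: a batch from an internal network component's API
# (first format) and a batch from an external feed (second format).
INTERNAL = [{"indicator": "203.0.113.7", "kind": "ip", "seen": "2024-05-01T10:00:00+00:00"},
            {"indicator": "198.51.100.9", "kind": "ip", "seen": "2024-05-02T08:30:00+00:00"},
            {"indicator": "10.0.0.5", "kind": "ip", "seen": "2024-05-01T10:01:00+00:00"}]
EXTERNAL = [{"value": "evil.example", "type": "domain", "first_seen": "2024-04-20"},
            {"value": "203.0.113.7", "type": "ip", "first_seen": "2024-04-28"}]
# Assumed exclusion criteria, retention periods and policy rules (not taken from the patent).
EXCLUDED_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TTL = {"internal": timedelta(days=7), "external": timedelta(days=30)}
POLICY = {"analyst": {"categories": {"restricted", "shareable"}, "uses": {"detect", "block"}},
          "partner": {"categories": {"shareable"}, "uses": {"detect"}}}

@dataclass
class Standard:
    indicator: str
    kind: str
    category: str        # first data marking: categorization (who may receive the item)
    expires: datetime    # second data marking: expiration
    context: dict        # detection and remediation procedures for the associated attack

def excluded(indicator, kind):
    """Exclusion criteria: drop sightings of the entity's own private address ranges."""
    return kind == "ip" and any(ip_address(indicator) in net for net in EXCLUDED_NETS)

def to_standard(internal, external):
    """Filter both batches, then merge them into standard-format items keyed by indicator."""
    raw = [("internal", r["indicator"], r["kind"], r["seen"]) for r in internal]
    raw += [("external", r["value"], r["type"], r["first_seen"] + "T00:00:00+00:00") for r in external]
    items = {}
    for origin, ind, kind, seen in raw:
        if excluded(ind, kind):
            continue
        seen = datetime.fromisoformat(seen)
        item = items.setdefault(ind, Standard(ind, kind, "restricted", seen, {
            "detection": f"alert on traffic to {kind} {ind}", "remediation": f"block {ind} at the perimeter"}))
        item.expires = max(item.expires, seen + TTL[origin])   # longest retention wins
        if origin == "external":          # already public, so it may be shared onward
            item.category = "shareable"
    return items

def accessible(role, items, use, now_iso):
    """Enforce expiration and policy rules (role, category, permissible use) before distribution."""
    now, rule = datetime.fromisoformat(now_iso), POLICY[role]
    return sorted(i.indicator for i in items.values()
                  if i.expires > now and i.category in rule["categories"] and use in rule["uses"])
```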