Malware analysis platform for threat intelligence made actionable
First Claim
Patent Images
1. A computer-implemented method, comprising:
- receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis;
processing the log files to determine artifacts associated with malware, wherein a raw log file generated for each of the plurality of samples comprises one or more lines based on results of the automated malware analysis for each of the plurality of samples, and wherein processing the log files to determine artifacts associated with malware further comprises;
processing the raw log files for each of the plurality of samples to generate processed log files, wherein each of the processed log files provides a human readable format of the automated malware analysis; and
identifying distinct lines in each of the processed log files for performing line counts to provide a statistical view of the results of the automated malware analysis; and
determining line counts for each of the log files to provide a statistical view of malware analysis results data that includes how many times each distinct line is associated with malware samples and with benign samples.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to determine artifacts associated with malware; and performing an action based on an artifact.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to determine artifacts associated with malware, wherein a raw log file generated for each of the plurality of samples comprises one or more lines based on results of the automated malware analysis for each of the plurality of samples, and wherein processing the log files to determine artifacts associated with malware further comprises; processing the raw log files for each of the plurality of samples to generate processed log files, wherein each of the processed log files provides a human readable format of the automated malware analysis; and identifying distinct lines in each of the processed log files for performing line counts to provide a statistical view of the results of the automated malware analysis; and determining line counts for each of the log files to provide a statistical view of malware analysis results data that includes how many times each distinct line is associated with malware samples and with benign samples. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system, comprising:
-
a processor configured to; receive a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; process the log files to determine artifacts associated with malware, wherein a raw log file generated for each of the plurality of samples comprises one or more lines based on results of the automated malware analysis for each of the plurality of samples, and wherein process the log files to determine artifacts associated with malware further comprises; process the raw log files for each of the plurality of samples to generate processed log files, wherein each of the processed log files provides a human readable format of the automated malware analysis; and identify distinct lines in each of the processed log files for performing line counts to provide a statistical view of the results of the automated malware analysis; and determine line counts for each of the log files to provide a statistical view of malware analysis results data that includes how many times each distinct line is associated with malware samples and with benign samples; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer program product, the computer program product being embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for:
-
receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to determine artifacts associated with malware, wherein a raw log file generated for each of the plurality of samples comprises one or more lines based on results of the automated malware analysis for each of the plurality of samples, and wherein processing the log files to determine artifacts associated with malware further comprises; processing the raw log files for each of the plurality of samples to generate processed log files, wherein each of the processed log files provides a human readable format of the automated malware analysis; and identifying distinct lines in each of the processed log files for performing line counts to provide a statistical view of the results of the automated malware analysis; and determining line counts for each of the log files to provide a statistical view of malware analysis results data that includes how many times each distinct line is associated with malware samples and with benign samples. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification