Systems and methods for automated retrieval, processing, and distribution of cyber-threat information
First Claim
1. A method for automated retrieval, processing, and distribution of cyber-threat information from a plurality of sources using a network device, comprising:
receiving cyber-threat information in one or more first formats from at least one internal source of cyber-threat information using an accessing component of the network device, wherein the at least one internal source comprises at least one network component of an entity system;
receiving cyber-threat information in one or more second formats from at least one external source of cyber-threat information using the accessing component of the network device;
applying exclusion criteria to prevent a processing component from processing the received cyber-threat information into a standard format if the received cyber-threat information satisfies the exclusion criteria;
processing the received cyber-threat information in the one or more first formats and the one or more second formats into the standard format using the processing component of the network device, wherein the standard format comprises:
    a first data marking that indicates a categorization of the received cyber-threat information in the one or more first formats and the one or more second formats;
    a second data marking that indicates an expiration of the received cyber-threat information in one or more first formats and the one or more second formats;
    a first context comprising an identifier of the processed cyber-threat information, wherein the identifier is generated by a cryptographic hash function;
    a second context comprising detection and remediation procedures for cyber-threats associated with the received cyber-threat information; and
    at least one observable comprising standardized descriptions of the received cyber-threat information;
providing the processed cyber-threat information to a distributor using a distributing component of the network device;
automatically instructing the at least one network component of the entity system to reconfigure the at least one network component in response to the processed cyber-threat information; and
automatically reporting information concerning the processed cyber-threat information to a user device using a reporting component of the network device.
Abstract
Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information in second formats from external sources of cyber-threat information using the accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device. The cyber-threat device may automatically report information concerning the processed items of cyber-threat information to a device of a user with a reporting component of the cyber-threat device.
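The normalisation pipeline the claim and abstract describe, written as an added Python example (not code from the patent or any assignee product): two sources in different formats, an exclusion check before processing, and a standard record carrying a category marking, an expiration marking, a SHA-256 identifier, a remediation context and an observable, from which reconfiguration actions are derived. The sample alert, feed rows, category names and remediation table are constructed for illustration.

```python
import csv
import hashlib
import io
import json
from datetime import datetime, timedelta

# Constructed sample inputs: one internal IDS alert delivered as JSON (first format)
# and an external feed delivered as CSV (second format). The "test" row is noise.
INTERNAL_JSON = '{"sensor": "ids-01", "type": "ip", "value": "203.0.113.7", "category": "c2", "ttl_days": 7}'
EXTERNAL_CSV = "type,value,category,ttl_days\ndomain,bad.example,phishing,30\nip,198.51.100.9,test,1\n"

EXCLUDED_CATEGORIES = {"test"}  # exclusion criteria: matching records are never normalised
REMEDIATION = {  # second context: detection/remediation procedures keyed by category (constructed)
    "c2": ["block destination at egress firewall", "isolate the reporting host"],
    "phishing": ["sinkhole the domain in the resolver", "search mailboxes for the URL"],
}

def parse_internal(raw):
    """First-format source: a single JSON alert from an internal network component."""
    return [json.loads(raw)]

def parse_external(raw):
    """Second-format source: CSV rows from an external feed (all fields arrive as strings)."""
    return list(csv.DictReader(io.StringIO(raw)))

def normalize(record, source, now):
    """Map one raw record into the standard format: two markings, two contexts, one observable."""
    observable = {"type": record["type"], "value": record["value"]}
    # First context: identifier from a cryptographic hash of the canonical observable, so the
    # same indicator reported by two sources collapses to one id downstream.
    ident = hashlib.sha256(json.dumps(observable, sort_keys=True).encode()).hexdigest()
    return {
        "category": record["category"],                                            # first marking
        "expires": (now + timedelta(days=int(record["ttl_days"]))).isoformat(),   # second marking
        "id": ident,
        "remediation": REMEDIATION.get(record["category"], ["manual analyst review"]),
        "observable": observable,
        "source": source,
    }

def process_all(now_iso="2024-01-01T00:00:00+00:00"):
    """Ingest both sources, drop excluded records, return normalised items in arrival order."""
    now = datetime.fromisoformat(now_iso)
    raw = [(r, "internal") for r in parse_internal(INTERNAL_JSON)]
    raw += [(r, "external") for r in parse_external(EXTERNAL_CSV)]
    return [normalize(r, src, now) for r, src in raw if r["category"] not in EXCLUDED_CATEGORIES]

def reconfigure_actions(items):
    """Instructions for the network component: IPs go to the firewall, domains to the resolver."""
    return [("firewall" if i["observable"]["type"] == "ip" else "resolver", i["observable"]["value"])
            for i in items]
```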
26 Claims