Threat intelligence system and method

US 10,397,267 B2
Filed: 07/05/2016
Issued: 08/27/2019
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, executed on a computing device, comprising:

importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions, wherein the plurality of threat data sources includes social network trader sources, wherein importing threat data from a plurality of threat data sources includes defining a list of specific keywords and searching the social network trader sources for the specific keywords, wherein the list of keywords concern one or more of a specific type of attack, a specific company/organization targeted for an attack, and a specific known hacker;

processing the plurality of raw threat data definitions, thus generating a plurality of processed threat data definitions, wherein the plurality of raw threat data definitions include a plurality of data pieces with one or more of an age level and a trust level;

processing the plurality of processed threat data definitions to form a master threat data definition; and

providing the master threat data definition to one or more client electronic devices to enable the one or more client electronic devices to detect one or more threats, wherein providing the master threat data definition to one or more client electronic devices includes automatically providing at least a portion of the master threat data definition to the one or more client electronic devices using an Extract, Transform, Load (ETL) script.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method, computer program product and computing system for importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions. The plurality of raw threat data definitions are processed, thus generating a plurality of processed threat data definitions. The plurality of processed threat data definitions are processed to form a master threat data definition. The master threat data definition is provided to one or more client electronic devices.

Citations

18 Claims

1. A computer-implemented method, executed on a computing device, comprising:
- importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions, wherein the plurality of threat data sources includes social network trader sources, wherein importing threat data from a plurality of threat data sources includes defining a list of specific keywords and searching the social network trader sources for the specific keywords, wherein the list of keywords concern one or more of a specific type of attack, a specific company/organization targeted for an attack, and a specific known hacker;
  
  processing the plurality of raw threat data definitions, thus generating a plurality of processed threat data definitions, wherein the plurality of raw threat data definitions include a plurality of data pieces with one or more of an age level and a trust level;
  
  processing the plurality of processed threat data definitions to form a master threat data definition; and
  
  providing the master threat data definition to one or more client electronic devices to enable the one or more client electronic devices to detect one or more threats, wherein providing the master threat data definition to one or more client electronic devices includes automatically providing at least a portion of the master threat data definition to the one or more client electronic devices using an Extract, Transform, Load (ETL) script.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1 wherein importing threat data from a plurality of threat data sources includes one or more of:
    - receiving the plurality of raw threat data definitions; and
      
      storing the plurality of raw threat data definitions into one or more database tables.
  - 3. The computer-implemented method of claim 1 wherein processing the plurality of raw threat data definitions includes one or more of:
    - deduplicating the plurality of raw threat data definitions;
      
      cleaning the plurality of raw threat data definitions to remove false positives;
      
      converting the plurality of raw threat data definitions into a common format;
      
      determining a category for each of the plurality of raw threat data definitions;
      
      determining a source for each of the plurality of raw threat data definitions;
      
      determining the trust level for each of the plurality of raw threat data definitions; and
      
      determining the age level for each of the plurality of raw threat data definitions.
  - 4. The computer-implemented method of claim 1 wherein processing the plurality of processed threat data definitions to form a master threat data definition includes one or more of:
    - combining the plurality of processed threat data definitions to form the master threat data definition; and
      
      formatting the master threat data definition into a format that is compatible with the one or more client electronic devices.
  - 5. The computer-implemented method of claim 1 wherein providing the master threat data definition to one or more client electronic devices additionally includes:
    - providing at least a portion of the master threat data definition to the one or more client electronic devices using one or more of a Hypertext Markup Language (HTML) report and a pre-formatted data export.
  - 6. The computer-implemented method of claim 1 wherein the plurality of threat data sources includes one or more of:
    - public honeypot servers;
      
      private honeypot servers; and
      
      open source threat feeds.

7. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
- importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions, wherein the plurality of threat data sources includes social network trader sources, wherein importing threat data from a plurality of threat data sources includes defining a list of specific keywords and searching the social network trader sources for the specific keywords, wherein the list of keywords concern one or more of a specific type of attack, a specific company/organization targeted for an attack, and a specific known hacker;
  
  processing the plurality of raw threat data definitions, thus generating a plurality of processed threat data definitions, wherein the plurality of raw threat data definitions include a plurality of data pieces with one or more of an age level and a trust level;
  
  processing the plurality of processed threat data definitions to form a master threat data definition; and
  
  providing the master threat data definition to one or more client electronic devices to enable the one or more client electronic devices to detect one or more threats, wherein providing the master threat data definition to one or more client electronic devices includes automatically providing at least a portion of the master threat data definition to the one or more client electronic devices using an Extract, Transform, Load (ETL) script.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7 wherein importing threat data from a plurality of threat data sources includes one or more of:
    - receiving the plurality of raw threat data definitions; and
      
      storing the plurality of raw threat data definitions into one or more database tables.
  - 9. The computer program product of claim 7 wherein processing the plurality of raw threat data definitions includes one or more of:
    - deduplicating the plurality of raw threat data definitions;
      
      cleaning the plurality of raw threat data definitions to remove false positives;
      
      converting the plurality of raw threat data definitions into a common format;
      
      determining a category for each of the plurality of raw threat data definitions;
      
      determining a source for each of the plurality of raw threat data definitions;
      
      determining the trust level for each of the plurality of raw threat data definitions; and
      
      determining the age level for each of the plurality of raw threat data definitions.
  - 10. The computer program product of claim 7 wherein processing the plurality of processed threat data definitions to form a master threat data definition includes one or more of:
    - combining the plurality of processed threat data definitions to form the master threat data definition; and
      
      formatting the master threat data definition into a format that is compatible with the one or more client electronic devices.
  - 11. The computer program product of claim 7 wherein providing the master threat data definition to one or more client electronic devices additionally includes:
    - providing at least a portion of the master threat data definition to the one or more client electronic devices using one or more of a Hypertext Markup Language (HTML) report and a pre-formatted data export.
  - 12. The computer program product of claim 7 wherein the plurality of threat data sources includes one or more of:
    - public honeypot servers;
      
      private honeypot servers; and
      
      open source threat feeds.

13. A computing system including a processor and memory configured to perform operations comprising:
- importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions, wherein the plurality of threat data sources includes social network trader sources, wherein importing threat data from a plurality of threat data sources includes defining a list of specific keywords and searching the social network trader sources for the specific keywords, wherein the list of keywords concern one or more of a specific type of attack, a specific company/organization targeted for an attack, and a specific known hacker;
  
  processing the plurality of raw threat data definitions, thus generating a plurality of processed threat data definitions, wherein the plurality of raw threat data definitions include a plurality of data pieces with one or more of an age level and a trust level;
  
  processing the plurality of processed threat data definitions to form a master threat data definition; and
  
  providing the master threat data definition to one or more client electronic devices to enable the one or more client electronic devices to detect one or more threats, wherein providing the master threat data definition to one or more client electronic devices includes automatically providing at least a portion of the master threat data definition to the one or more client electronic devices using an Extract, Transform, Load (ETL) script.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computing system of claim 13 wherein importing threat data from a plurality of threat data sources includes one or more of:
    - receiving the plurality of raw threat data definitions; and
      
      storing the plurality of raw threat data definitions into one or more database tables.
  - 15. The computing system of claim 13 wherein processing the plurality of raw threat data definitions includes one or more of:
    - deduplicating the plurality of raw threat data definitions;
      
      cleaning the plurality of raw threat data definitions to remove false positives;
      
      converting the plurality of raw threat data definitions into a common format;
      
      determining a category for each of the plurality of raw threat data definitions;
      
      determining a source for each of the plurality of raw threat data definitions;
      
      determining the trust level for each of the plurality of raw threat data definitions; and
      
      determining the age level for each of the plurality of raw threat data definitions.
  - 16. The computing system of claim 13 wherein processing the plurality of processed threat data definitions to form a master threat data definition includes one or more of:
    - combining the plurality of processed threat data definitions to form the master threat data definition; and
      
      formatting the master threat data definition into a format that is compatible with the one or more client electronic devices.
  - 17. The computing system of claim 13 wherein providing the master threat data definition to one or more client electronic devices additionally includes:
    - providing at least a portion of the master threat data definition to the one or more client electronic devices using one or more of a Hypertext Markup Language (HTML) report and a pre-formatted data export.
  - 18. The computing system of claim 13 wherein the plurality of threat data sources includes one or more of:
    - public honeypot servers;
      
      private honeypot servers; and
      
      open source threat feeds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Reliaquest Holdings, LLC
Original Assignee
Reliaquest Holdings, LLC
Inventors
Murphy, Brian P., Partlow, Joe
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/202,213
Publication Number

US 20170006058A1
Time in Patent Office

1,148 Days
Field of Search

726 22- 25
US Class Current
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

Threat intelligence system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Threat intelligence system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links