System and method for vendor agnostic automatic supplementary intelligence propagation
First Claim
1. An information handling system comprising:
- a storage device configured to store network activity logs from a first set of client systems and a second set of client systems; and
- a processor configured to:
  - receive a security alert from the first set of client systems;
  - analyze the security alert to obtain a plurality of supplementary indicators;
  - utilize the supplementary indicators to build a statistical security model; and
  - analyze activity on the second set of client systems using the statistical security model to identify an additional security event, wherein the first set of client systems does not include the second set of client systems.
Abstract
An information handling system includes a storage and a processor. The storage is configured to store network activity logs from a first client system and a second client system. The processor is configured to receive a security alert from the first client system, analyze the security alert to obtain a plurality of supplementary indicators, utilize the supplementary indicators to build a statistical security model, and analyze activity on the second client system using the statistical security model to identify an additional security event.
12 Citations
18 Claims
1. An information handling system (independent claim; identical to the First Claim above). Dependent claims: 2, 3, 4, 5, 6.

7. A method for automated malware analysis, comprising:
- receiving alerts of one or more security events from a first set of client systems;
- analyzing the security event alerts to obtain a plurality of indicators;
- utilizing the indicators to build a statistical security model; and
- analyzing activity of a second set of client systems using the statistical security model to identify an additional security event, wherein the security alert is from the first set of client systems that does not include the second set of client systems.
Dependent claims: 8, 9, 10, 11, 12.

13. A non-transitory computer-readable medium including code that when executed causes a processor to perform a method, the method comprising:
- receiving alerts of one or more security events from a first set of client systems;
- analyzing the security event alerts to obtain a plurality of indicators;
- utilizing the indicators to build a statistical security model; and
- analyzing activity of a second set of client systems using the statistical security model to identify an additional security event, wherein the security alert is from the first set of client systems that does not include the second set of client systems.
Dependent claims: 14, 15, 16, 17, 18.
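The pipeline that the abstract and independent claims 1, 7 and 13 describe (an alert from one set of client systems, supplementary indicators pulled out of it, a statistical model built from them, and that model applied to a second, disjoint set of client systems) as an added worked example. This is not the patent's own code or any vendor's implementation: the alert format, the indicator regexes, the rarity-based (IDF-style) weighting used as the "statistical security model", the threshold, and every log line are assumptions constructed for illustration.

```python
"""Added example: propagating supplementary indicators from one set of
client systems to a disjoint second set, in the shape the claims describe.
Alert format, indicator regexes, the rarity-based weighting and every log
line below are constructed assumptions, not the patent's own method."""
import math
import re
from collections import defaultdict

# Indicator extractors (assumption: alerts arrive as flat dicts whose string
# fields may mention IPs, domains and SHA-256 hashes, whatever the vendor).
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz)\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)


def extract_indicators(alert):
    """Return {(kind, value)} for every indicator mentioned anywhere in the
    alert, not only the one the vendor flagged (the supplementary indicators)."""
    text = " ".join(str(v) for v in alert.values())
    found = {("ip", m) for m in IPV4_RE.findall(text)}
    found |= {("domain", m.lower()) for m in DOMAIN_RE.findall(text)}
    found |= {("sha256", m.lower()) for m in SHA256_RE.findall(text)}
    return found


def _mentions(value, line):
    # Bounded match so 8.8.8.8 does not hit inside 18.8.8.8 or a longer host name.
    return re.search(rf"(?<![\w.-]){re.escape(value)}(?![\w.-])", line.lower()) is not None


def build_model(indicators, logs_a, clients_a):
    """Statistical model: weight each indicator by how rare it is across the
    first set's stored network logs (IDF-style), so shared infrastructure such
    as a public resolver scores 0 and attacker-specific values score high."""
    seen_by = defaultdict(set)
    for client, line in logs_a:
        if client in clients_a:
            for _, value in indicators:
                if _mentions(value, line):
                    seen_by[value].add(client)
    n = len(clients_a)
    return {(k, v): math.log((n + 1) / (len(seen_by[v]) + 1)) for k, v in indicators}


def is_propagation_allowed(clients_a, clients_b):
    """The claims' constraint: the alerting set must not include the target set."""
    return not (clients_a & clients_b)


def score_activity(model, logs_b, clients_b, clients_a, threshold=1.0):
    """Apply the model to the second set's logs; return clients whose summed
    indicator weight reaches the threshold, with the indicators that matched."""
    if not is_propagation_allowed(clients_a, clients_b):
        raise ValueError("first and second client sets must be disjoint")
    scores, hits = defaultdict(float), defaultdict(set)
    for client, line in logs_b:
        if client not in clients_b:
            continue
        for (_, value), weight in model.items():
            if weight > 0 and value not in hits[client] and _mentions(value, line):
                hits[client].add(value)
                scores[client] += weight
    return {c: (round(s, 3), sorted(hits[c])) for c, s in scores.items() if s >= threshold}


# Constructed sample data (not from the page): one alert from client a1, plus
# the stored network activity logs of both sets of client systems.
CLIENTS_A = {"a1", "a2", "a3"}
CLIENTS_B = {"b1", "b2", "b3"}
ALERT = {
    "client": "a1", "vendor": "VendorX EDR", "rule": "Suspicious download",
    "details": "svchost.exe fetched sha256=9f86d081884c7d659a2feaa0c55ad015"
               "a3bf4f1b2b0b822cd15d6c15b0f00a08 from update-cdn.badhost.xyz "
               "(203.0.113.42), resolver 8.8.8.8",
}
LOGS_A = [
    ("a1", "dns query update-cdn.badhost.xyz via 8.8.8.8"),
    ("a1", "tcp 10.0.1.4:49152 -> 203.0.113.42:443"),
    ("a2", "dns query www.example.com via 8.8.8.8"),
    ("a3", "dns query time.example.org via 8.8.8.8"),
]
LOGS_B = [
    ("b1", "dns query update-cdn.badhost.xyz via 8.8.8.8"),
    ("b1", "tcp 10.0.5.7:51000 -> 203.0.113.42:443"),
    ("b2", "dns query www.example.com via 8.8.8.8"),
    ("b3", "tcp 10.0.6.9:51001 -> 198.51.100.20:80"),
]


def run_demo():
    indicators = extract_indicators(ALERT)
    model = build_model(indicators, LOGS_A, CLIENTS_A)
    return score_activity(model, LOGS_B, CLIENTS_B, CLIENTS_A)


if __name__ == "__main__":
    for client, (score, matched) in run_demo().items():
        print(f"{client}: score={score} indicators={matched}")
```

Running the demo flags only b1, which contacted both the C2 domain and the C2 address seen in a1's alert; the public resolver 8.8.8.8 also appears in the alert but is present in every first-set client's logs, so the model gives it zero weight and b2 is not flagged. The disjointness check raises before any scoring if the two client sets overlap, which is the condition every independent claim states.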
Specification