×

Threat response systems and methods

  • US 10,552,615 B2
  • Filed: 02/18/2016
  • Issued: 02/04/2020
  • Est. Priority Date: 02/18/2016
  • Status: Active Grant
First Claim
Patent Images

1. A method for incident response, comprising:

  • receiving, by a security operations system, an alarm in response to a threat detected on a monitored system, wherein the alarm includes characteristics of the threat;

    generating, by the security operations system, a record in response to the alarm, wherein the record includes a severity level assigned to the record, wherein the severity level is automatically generated based on a threat level identified in the alarm;

    populating, by the security operations system, a form with the characteristics of the threat, wherein the form is associated with the record and selected in response to a type of the threat;

    generating, by the security operations system, a workflow, wherein the workflow is customizable, by at least one of adding, removing, or modifying a rule for an action, prior to the security operations system receiving the alarm, wherein the workflow is configured to be automatically executed to address the alarm, and wherein the workflow comprises a first action;

    automatically executing, by the security operations system, the first action of the workflow;

    receiving, by the security operations system, security contextual data in response to a request including the characteristics of the threat;

    updating, by the security operations system, the form to include the security contextual data;

    enriching, by the security operations system, the workflow to generate a second action; and

    automatically executing, by the security operations system, the second action of the workflow.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×