Systems and methods for automated retrieval, processing, and distribution of cyber-threat information
First Claim
1. A device for managing cyber-threat to an entity system, comprising:
- a network adapter configured to receive:
  - first cyber-threat information in a non-standard format from a network component of the entity system, the network component of the entity system being configured to expose an Application Program Interface (API) to collect at least a portion of the first cyber-threat information; and
  - second cyber-threat information in a standard format from a distributor external to the entity system, the distributor being configured to collect and share the second cyber-threat information in the standard format; and
- at least one processor configured to perform operations comprising:
  - filtering the first cyber-threat information and the second cyber-threat information based on exclusion criteria to exclude from further processing;
  - after completion of filtering, converting the first cyber-threat information into processed first cyber-threat information in the standard format, the standard format comprising:
    - a first data marking indicating a categorization of the first cyber-threat information;
    - a second data marking indicating an expiration of the first cyber-threat information; and
    - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information;
  - combining the processed first cyber-threat information and the second cyber-threat information into combined cyber-threat information;
  - automatically instructing the network component of the entity system to reconfigure the network component in response to the combined cyber-threat information; and
  - transmitting the combined cyber-threat information to the distributor.
Abstract
Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information in second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device. The cyber-threat device may automatically report information concerning the processed items of cyber-threat information to a device of a user with a reporting component of the cyber-threat device.
20 Claims
1. A device for managing cyber-threat to an entity system, comprising:
- a network adapter configured to receive:
  - first cyber-threat information in a non-standard format from a network component of the entity system, the network component of the entity system being configured to expose an Application Program Interface (API) to collect at least a portion of the first cyber-threat information; and
  - second cyber-threat information in a standard format from a distributor external to the entity system, the distributor being configured to collect and share the second cyber-threat information in the standard format; and
- at least one processor configured to perform operations comprising:
  - filtering the first cyber-threat information and the second cyber-threat information based on exclusion criteria to exclude from further processing;
  - after completion of filtering, converting the first cyber-threat information into processed first cyber-threat information in the standard format, the standard format comprising:
    - a first data marking indicating a categorization of the first cyber-threat information;
    - a second data marking indicating an expiration of the first cyber-threat information; and
    - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information;
  - combining the processed first cyber-threat information and the second cyber-threat information into combined cyber-threat information;
  - automatically instructing the network component of the entity system to reconfigure the network component in response to the combined cyber-threat information; and
  - transmitting the combined cyber-threat information to the distributor.

Dependent claims: 2 through 14.
15. A device for managing cyber-threat to an entity system, comprising:
- a network adapter configured to receive:
  - first cyber-threat information in a non-standard format from a network component of the entity system, the network component of the entity system being configured to expose an Application Program Interface (API) to collect at least a portion of the first cyber-threat information; and
  - second cyber-threat information in a standard format from a distributor external to the entity system, the distributor being configured to collect and share the second cyber-threat information in the standard format;
- at least one processor configured to perform operations comprising:
  - filtering the first cyber-threat information and the second cyber-threat information based on exclusion criteria to exclude from further processing;
  - after completion of filtering, converting the first cyber-threat information into processed first cyber-threat information in the standard format, the standard format comprising:
    - a first data marking indicating a categorization of the first cyber-threat information;
    - a second data marking indicating an expiration of the first cyber-threat information; and
    - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information;
  - combining the processed first cyber-threat information and the second cyber-threat information into combined cyber-threat information;
  - automatically instructing the network component of the entity system to reconfigure the network component in response to the combined cyber-threat information; and
  - transmitting the combined cyber-threat information to the distributor; and
- a non-transitory memory configured to store the first cyber-threat information, the second cyber-threat information, and the combined cyber-threat information.

Dependent claims: 16 through 19.
20. A method for managing cyber-threat to an entity system, comprising:
- receiving, using a network adapter of a cyber-threat management device:
  - first cyber-threat information in a non-standard format from a network component of the entity system, the network component of the entity system being configured to expose an Application Program Interface (API) to collect at least a portion of the first cyber-threat information; and
  - second cyber-threat information in a standard format from a distributor external to the entity system, the distributor being configured to collect and share the second cyber-threat information in the standard format;
- filtering, using one or more processors of the cyber-threat management device, the first cyber-threat information and the second cyber-threat information based on exclusion criteria to exclude from further processing;
- after completion of filtering, converting, using the one or more processors, the first cyber-threat information into processed first cyber-threat information in the standard format, the standard format comprising:
  - a first data marking indicating a categorization of the first cyber-threat information;
  - a second data marking indicating an expiration of the first cyber-threat information; and
  - a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information;
- combining, using the one or more processors, the processed first cyber-threat information and the second cyber-threat information into combined cyber-threat information;
- automatically instructing, using the one or more processors, the network component of the entity system to reconfigure the network component in response to the combined cyber-threat information;
- transmitting, using the network adapter of the cyber-threat management device, the combined cyber-threat information to the distributor; and
- storing to a non-transitory memory the first cyber-threat information, the second cyber-threat information, and the combined cyber-threat information.
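The pipeline the independent claims describe (filter both inputs on exclusion criteria, convert the internal non-standard records into the standard format carrying a categorization marking, an expiration marking and a detection/remediation context, combine, derive the reconfiguration instruction for the network component, and select what goes back to the distributor), as an added Python example that is not part of the patent. The input records, the "tlp:*" category labels, the 30-day validity window and the exclusion criteria (RFC 1918 addresses and single-hit records) are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Standard-format record as the claims describe it: a categorization marking, an
# expiration marking, and a context of detection and remediation procedures.
@dataclass
class StandardIndicator:
    value: str
    category: str          # first data marking (the "tlp:*" labels are assumed)
    expires: datetime      # second data marking
    context: dict = field(default_factory=dict)
    source: str = "internal"

NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)   # constructed clock for a repeatable run
# Constructed sample input: non-standard records from the entity's own network component
# (a firewall-style hit log exposed via its API) and one standard-format record from the distributor.
INTERNAL_RAW = [
    {"ip": "203.0.113.7", "hits": 42, "action": "blocked"},
    {"ip": "192.0.2.9", "hits": 1, "action": "allowed"},   # single hit: low confidence
    {"ip": "10.0.0.5", "hits": 90, "action": "blocked"},   # internal address: never shared
]
EXTERNAL_STANDARD = [StandardIndicator("198.51.100.23", "tlp:green",
    datetime(2024, 6, 1, tzinfo=timezone.utc),
    {"detection": "alert on outbound sessions", "remediation": "deny at perimeter"}, "distributor")]
# Exclusion criteria (assumed): RFC 1918 addresses and single-hit records are dropped before conversion.
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def excluded(raw: dict) -> bool:
    addr = ip_address(raw["ip"])
    return any(addr in net for net in PRIVATE_NETS) or raw["hits"] < 2

def convert(raw: dict, now: datetime) -> StandardIndicator:
    """Convert one filtered non-standard record into the standard format (30-day validity assumed)."""
    return StandardIndicator(
        value=raw["ip"],
        category="tlp:amber" if raw["action"] == "blocked" else "tlp:green",
        expires=now + timedelta(days=30),
        context={"detection": f"match destination ip {raw['ip']}",
                 "remediation": f"add {raw['ip']} to the perimeter deny-list; review {raw['hits']} sessions"})

def run_pipeline(now: datetime):
    """Filter both inputs, convert, combine, derive reconfiguration commands, and select what to share."""
    internal = [convert(r, now) for r in INTERNAL_RAW if not excluded(r)]
    external = [i for i in EXTERNAL_STANDARD if i.expires > now]   # expired feed items are excluded too
    combined = internal + external
    reconfigure = [f"deny dst {i.value}" for i in combined]        # instruction to the network component
    to_distributor = [i for i in combined if i.source != "distributor"]  # do not echo the feed back
    return combined, reconfigure, to_distributor
```

Running `run_pipeline(NOW)` yields two combined indicators, two deny instructions for the network component, and only the internally derived record for transmission to the distributor.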