PROVIDING ALERTS BASED ON UNSTRUCTURED INFORMATION METHODS AND APPARATUS
Abstract
A system, method, and apparatus for providing alerts based on unstructured information are disclosed. An example method includes receiving a data item from a remotely located information source, the data item including unstructured information. The method also includes determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value. The method further includes, responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item, and transmitting the Common Alerting Protocol data structure.
20 Claims
1. A method comprising:
receiving a data item from a remotely located information source, the data item including unstructured information;
determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value;
responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item; and
transmitting the Common Alerting Protocol data structure.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A machine-accessible device having instructions stored thereon that, when executed, cause a machine to at least:
determine a threat score for a first data item received from a data source by matching unstructured content within the first data item to pre-identified content associated with at least a value;
responsive to the threat score exceeding a predetermined threshold, create a Common Alerting Protocol data structure that includes at least a portion of the content associated with the first data item; and
transmit the Common Alerting Protocol data structure causing security personnel associated with a client to perform an action.
Dependent claims: 10, 11, 12, 13, 14, 15
16. An apparatus, comprising:
an interface configured to receive an unstructured data item from a data source;
a semantic classifier configured to determine a first threat score by determining content within the data item that substantially matches pre-identified semantic information;
a dictionary classifier configured to determine a second threat score by determining the content within the data item that substantially matches pre-identified dictionary information;
a location identifier configured to determine a third threat score by determining the content within the data item that substantially matches geographic location information;
a content scorer configured to determine whether the combination of the first, second, and third threat scores is greater than a predetermined threshold; and
a processor configured to create a Common Alerting Protocol data structure based on at least some of the content within the data item and the combined threat score responsive to the content scorer determining that the combined threat score is greater than the predetermined threshold.
Dependent claims: 17, 18, 19, 20
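The pipeline recited in claim 16 (three scores, a combined threshold test, then a Common Alerting Protocol message) can be sketched as follows. This is an added example, not code from the patent; the term weights, pattern, place names, threshold, sender address and the `threatScore` parameter name are all constructed assumptions, and plain sums stand in for the classifiers.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
CAP_NS = "urn:oasis:names:tc:emergency:cap:1.2"
# Constructed for illustration: weights, pattern, place names and threshold.
DICTIONARY = {"explosion": 40, "evacuate": 25, "smoke": 10}
SEMANTIC = [(re.compile(r"\b(?:reports?|sounds?) of (?:gunfire|an? explosion)\b", re.I), 30)]
LOCATIONS = {"union station": 20, "harbor bridge": 20}
THRESHOLD = 60

def score_item(text):
    """Return (semantic, dictionary, location, matched_places) for one data item."""
    low = text.lower()
    tokens = set(re.findall(r"[a-z']+", low))
    semantic = sum(w for pattern, w in SEMANTIC if pattern.search(text))
    dictionary = sum(w for term, w in DICTIONARY.items() if term in tokens)
    places = [p for p in LOCATIONS if p in low]
    return semantic, dictionary, sum(LOCATIONS[p] for p in places), places

def build_cap(text, total, places, sender="scorer@example.invalid"):
    """Serialize a minimal CAP 1.2 alert carrying a portion of the item's text."""
    ET.register_namespace("", CAP_NS)
    def add(parent, tag, value=None):
        node = ET.SubElement(parent, f"{{{CAP_NS}}}{tag}")
        node.text = value
        return node
    alert = ET.Element(f"{{{CAP_NS}}}alert")
    add(alert, "identifier", "item-" + hashlib.sha256(text.encode()).hexdigest()[:16])
    add(alert, "sender", sender)
    add(alert, "sent", datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S-00:00"))  # CAP 1.2: no "Z"
    for tag, value in [("status", "Actual"), ("msgType", "Alert"), ("scope", "Restricted"),
                       ("restriction", "Client security personnel")]:
        add(alert, tag, value)
    info = add(alert, "info")
    for tag, value in [("category", "Security"), ("event", "Scored threat report"),
                       ("urgency", "Unknown"), ("severity", "Unknown"),
                       ("certainty", "Possible"), ("description", text[:500])]:
        add(info, tag, value)
    param = add(info, "parameter")
    add(param, "valueName", "threatScore")
    add(param, "value", str(total))
    add(add(info, "area"), "areaDesc", ", ".join(places) or "unspecified")
    return ET.tostring(alert, encoding="unicode")

def process(text):
    """Score one unstructured item; return (combined_score, CAP XML or None)."""
    semantic, dictionary, location, places = score_item(text)
    total = semantic + dictionary + location
    return total, (build_cap(text, total, places) if total > THRESHOLD else None)
```

Items at or below the threshold return no CAP message, which is the point at which a deployment would tune weights against false positives such as benign uses of a dictionary term.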
Specification