SECURITY THREAT INFORMATION ANALYSIS
First Claim
1. A computer-implemented method comprising:
determining, by one or more computers in an analysis system, one or more intelligence types;
categorizing, by at least one of the computers and for each dataset from multiple datasets that each include information about potential security threats, each subset of data for the respective dataset, the categorizing comprising:
identifying, by at least one of the computers and for each of the subsets of data in the respective dataset, an intelligence type that categorizes the subset of data; and
associating, by at least one of the computers and for each of the subsets of data in the respective dataset, the subset of data with the corresponding intelligence type;
determining, by at least one of the computers and for each of the categorized subsets, whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a first subset from the categorized subsets does not comprise information about the same threat as a second different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a third subset from the categorized subsets comprises information about the same threat as a fourth different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, a group of the subsets that include particular data a third party system should receive from the analysis system, including:
determining, for a first third party system, a first group includes the first subset; and
determining, for a second third party system, a second group that includes the third subset and does not include the fourth subset;
assigning, by at least one of the computers and for each subset in each of the groups, a priority to the respective subset; and
sending, by at least one of the computers and to a third party system, the subsets in the group of the subsets using the respective priorities including:
sending, to the first third party system, the subsets in the first group, including the first subset, using the respective priorities; and
sending, to the second third party system, the subsets in the second group, including the third subset, using the respective priorities.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing data that includes security threat information. One of the methods includes identifying intelligence types that each categorizes a subset of data, associating, for each of the intelligence types, each of the subsets of data, which are categorized by the respective intelligence type, with the respective intelligence type, determining rules for a third party that each indicate that the third party should receive data associated with particular types of potential security threats and priority information for the data, determining, for each of the potential security threats indicated in the rules, a group of the subsets that include information associated with the respective potential security threat, assigning, for each subset in each of the groups, a priority to the respective subset using the priority information, and providing the determined subsets to the third party using the respective priorities.
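A minimal sketch of the pipeline the abstract describes (categorize by intelligence type, drop subsets about the same threat, group per third party, order by priority), added here as an illustration and not taken from the patent. The intelligence types, keyword rules, same-threat test, third party names and all sample records are constructed assumptions.

```python
# Hypothetical keyword rules mapping free text to an intelligence type.
TYPE_KEYWORDS = {
    "vulnerability": ("vulnerability", "patch"),
    "malware": ("malware", "trojan"),
}

# Constructed datasets: each record is one "subset of data" from a feed.
DATASETS = {
    "feed_a": [
        {"id": "s1", "indicator": "ExampleCMS 2.1", "text": "Vulnerability in ExampleCMS, patch pending"},
        {"id": "s3", "indicator": "loader.example", "text": "Trojan downloads from this host"},
    ],
    "feed_b": [
        {"id": "s2", "indicator": "ExampleDB 9", "text": "Vulnerability reported in ExampleDB"},
        {"id": "s4", "indicator": " LOADER.example ", "text": "Malware host seen again"},
    ],
}

# Hypothetical per-third-party rules: intelligence type -> priority (1 = first).
RULES = {
    "party_one": {"vulnerability": 1},
    "party_two": {"malware": 1, "vulnerability": 2},
}

def categorize(datasets):
    """Tag each subset with the first intelligence type whose keyword matches."""
    tagged = []
    for source, subsets in datasets.items():
        for s in subsets:
            text = s["text"].lower()
            itype = next((t for t, kws in TYPE_KEYWORDS.items()
                          if any(k in text for k in kws)), None)
            if itype is not None:
                tagged.append({**s, "source": source, "type": itype})
    return tagged

def deduplicate(tagged):
    """Keep one subset per threat. Assumption: same type plus same
    normalized indicator means 'same threat'; real feeds need fuzzier matching."""
    seen, unique = set(), []
    for s in tagged:
        key = (s["type"], s["indicator"].strip().lower())
        if key not in seen:
            seen.add(key)
            unique.append(s)
    return unique

def groups_for(unique, rules):
    """Per third party: subsets of subscribed types, ordered by priority."""
    return {party: [sid for _, sid in sorted((prios[s["type"]], s["id"])
                    for s in unique if s["type"] in prios)]
            for party, prios in rules.items()}

def run():
    return groups_for(deduplicate(categorize(DATASETS)), RULES)
```

Here `s4` reports the same host as `s3` from a second feed, so it is dropped before grouping and neither third party receives it.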
20 Claims
12. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
determining, by at least one of the computers in an analysis system, one or more intelligence types;
categorizing, by at least one of the computers and for each dataset from multiple datasets that each include information about potential security threats, each subset of data for the respective dataset, the categorizing comprising:
identifying, by at least one of the computers and for each of the subsets of data in the respective dataset, an intelligence type that categorizes the subset of data; and
associating, by at least one of the computers and for each of the subsets of data in the respective dataset, the subset of data with the corresponding intelligence type;
determining, by at least one of the computers and for each of the categorized subsets, whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a first subset from the categorized subsets does not comprise information about the same threat as a second different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a third subset from the categorized subsets comprises information about the same threat as a fourth different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, a group of the subsets that include particular data a third party system should receive from the analysis system, including:
determining, for a first third party system, a first group includes the first subset; and
determining, for a second third party system, a second group that includes the third subset and does not include the fourth subset;
assigning, by at least one of the computers and for each subset in each of the groups, a priority to the respective subset; and
sending, by at least one of the computers and to a third party system, the subsets in the group of the subsets using the respective priorities including:
sending, to the first third party system, the subsets in the first group, including the first subset, using the respective priorities; and
sending, to the second third party system, the subsets in the second group, including the third subset, using the respective priorities.
20. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
determining, by at least one of the computers in an analysis system, one or more intelligence types;
categorizing, by at least one of the computers and for each dataset from multiple datasets that each include information about potential security threats, each subset of data for the respective dataset, the categorizing comprising:
identifying, by at least one of the computers and for each of the subsets of data in the respective dataset, an intelligence type that categorizes the subset of data; and
associating, by at least one of the computers and for each of the subsets of data in the respective dataset, the subset of data with the corresponding intelligence type;
determining, by at least one of the computers and for each of the categorized subsets, whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a first subset from the categorized subsets does not comprise information about the same threat as a second different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, that a third subset from the categorized subsets comprises information about the same threat as a fourth different subset in response to determining whether the respective subset does not comprise information about the same threat as a different subset;
determining, by at least one of the computers, a group of the subsets that include particular data a third party system should receive from the analysis system, including:
determining, for a first third party system, a first group includes the first subset; and
determining, for a second third party system, a second group that includes the third subset and does not include the fourth subset;
assigning, by at least one of the computers and for each subset in each of the groups, a priority to the respective subset; and
sending, by at least one of the computers and to a third party system, the subsets in the group of the subsets using the respective priorities including:
sending, to the first third party system, the subsets in the first group, including the first subset, using the respective priorities; and
sending, to the second third party system, the subsets in the second group, including the third subset, using the respective priorities.
Specification