RATING THREAT SUBMITTER

US 20170142147A1
Filed: 04/18/2014
Published: 05/18/2017
Est. Priority Date: 04/18/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:

receive information about a plurality of threat observables from a respective plurality of threat submitters;

provide data about the respective threat observables to one or more entities;

receive respective feedback from at least one of the entities about the respective threat observables; and

update a rating of one of the threat submitters associated with the respective feedback.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments disclosed herein relate to update a rating of threat submitters. Information is received of threat observables from threat submitters. Information about the threat observables is provided to one or more entities. Feedback about a threat observable is received from one of the entities. A rating of the threat submitter associated with the feedback is updated.

Citations

15 Claims

1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:
- receive information about a plurality of threat observables from a respective plurality of threat submitters;
  
  provide data about the respective threat observables to one or more entities;
  
  receive respective feedback from at least one of the entities about the respective threat observables; and
  
  update a rating of one of the threat submitters associated with the respective feedback.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The non-transitory machine-readable storage medium of claim 1, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - positively update the rating of the one threat submitter if the feedback indicates that the associated threat observable was used by a security management platform to discover a threat, wherein the feedback is received from the security management platform,wherein the feedback is received in real-time.
  - 3. The non-transitory machine-readable storage medium of claim 1, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - negatively update the rating of the one threat submitter if the feedback indicates at least one of;
      
      that the associated threat observable was not used and the associated threat observable was incorrect.
  - 4. The non-transitory machine-readable storage medium of claim 1,wherein the rating is associated with a category,wherein the feedback is received from one of the entities also associated with the category.
  - 5. The non-transitory machine-readable storage medium of claim 4, wherein another rating associated with another category is not updated based on the feedback.
  - 6. The non-transitory machine-readable storage medium of claim 1, wherein the rating represents a confidence that the threat submitter is submitting useful threat data.
  - 7. The non-transitory machine-readable storage medium of claim 6, wherein the rating is further based on a uniqueness of the threat observable submitted by the one threat submitter.
  - 8. The non-transitory machine-readable storage medium of claim 6, wherein the update of the rating is further based on another rating of another threat submitter associated with a high rating.
  - 9. The non-transitory machine-readable storage medium of claim 1, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - determine a threat score for the another one of the threat observables submitted by the one threat submitter based on the updated rating.

10. A method comprising:
- receiving threat observable information about a threat observable from a threat submitter;
  
  providing the threat observable information to one or more entities;
  
  updating a rating for the threat submitter,wherein the rating represents a confidence that the threat submitter is submitting useful threat data based on an analysis of the threat observable and information received from at least one of the entities;
  
  receiving other threat observable information about another threat observable from the threat submitter;
  
  determining a threat score for the other threat observable based, at least in part, on the rating.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10,wherein the rating is updated based on a severity of the threat observable, a usefulness of the threat observable at the at least one of the entities, and a uniqueness of the threat observable compared to the information received from the at least one of the entities, andwherein the threat score represents a likelihood that if the threat observable is observed, a malicious behavior is associated.
  - 12. The method of claim 10,wherein the information received from the at least one of the entities includes a sighting of the threat observable at the at least one of the entities, andwherein if the at least one of the entities is rated above a threshold, the updated rating is positively affected.

13. A computing system comprising:
- a communication engine to receive threat data from a threat submitter;
  
  a score engine to score the threat data for one or more entities,wherein the communication engine is further to provide the score to the one or more entities;
  
  wherein the communication engine is further to receive usage information of the threat data;
  
  a rating engine to update a rating for the threat submitter based on the usage information.
- View Dependent Claims (14, 15)
- - 14. The computing system of claim 13,wherein the rating represents a confidence that the threat submitter is submitting useful threat information, andwherein the threat score represents a likelihood that if a threat observable associated with the threat data is observed, a malicious behavior is associated.
  - 15. The computing system of claim 13, wherein the rating is updated based on a severity of the threat data, a usefulness of the threat data based on the usage information, and a uniqueness of the threat data compared to the usage information received from the at least one of the entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
SINGLA, Anurag, SANDER, Thomas, ROSS, Edward

Granted Patent

US 10,104,112 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554 involving event detection a...

H04L 63/1433 Vulnerability analysis

RATING THREAT SUBMITTER

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

RATING THREAT SUBMITTER

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links