Providing alerts based on unstructured information methods and apparatus
Abstract
A system, method, and apparatus for providing alerts based on unstructured information are disclosed. An example method includes receiving a data item from a remotely located information source, the data item including unstructured information. The method also includes determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value. The method further includes, responsive to the threat score exceeding a predetermined threshold, creating a Common Alerting Protocol data structure that includes at least a portion of the information associated with the data item and transmitting the Common Alerting Protocol data structure.
20 Claims
1. A method comprising:
- receiving a data item from a remotely located information source, the data item including unstructured information;
- determining a threat score for the data item by matching information associated with the data item to pre-identified information associated with a numerical value;
- responsive to the threat score exceeding a predetermined threshold, determining labels for at least one Common Alerting Protocol field associated with a Common Alerting Protocol data structure using at least a portion of the information associated with the data item by:
  - determining a first label for an urgency field within the Common Alerting Protocol data structure based on the threat score and the data item,
  - determining a second label for a severity field within the Common Alerting Protocol data structure based on the threat score and the data item,
  - determining a third label for a category field within the Common Alerting Protocol data structure based on the threat score and the data item, and
  - determining a fourth label for a certainty field within the Common Alerting Protocol data structure based on the threat score and the first data item;
- creating the Common Alerting Protocol data structure that includes the labels; and
- transmitting the Common Alerting Protocol data structure for use within a decision system or to cause security personnel to perform an action.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A machine-accessible device comprising a memory having instructions stored thereon that, when executed, cause a machine to at least:
- determine a threat score for a first data item received from a data source by matching unstructured content within the first data item to pre-identified content associated with at least a value;
- responsive to the threat score exceeding a predetermined threshold, determine labels for at least one Common Alerting Protocol field for a Common Alerting Protocol data structure using at least a portion of the content associated with the first data item by:
  - selecting a first label for an urgency field within the Common Alerting Protocol data structure based on the threat score and the first data item;
  - selecting a second label for a severity field within the Common Alerting Protocol data structure based on the threat score and the first data item;
  - selecting a third label for a category field within the Common Alerting Protocol data structure based on the threat score and the first data item; and
  - selecting a fourth label for a certainty field within the Common Alerting Protocol data structure based on the threat score and the first data item;
- create the Common Alerting Protocol data structure that includes the labels; and
- transmit the Common Alerting Protocol data structure causing security personnel associated with a client to perform an action.

Dependent claims: 11, 12, 13, 14, 15.

16. An apparatus comprising at least one hardware processor that in aggregate includes:
- an interface configured to receive an unstructured data item from a data source;
- a semantic classifier configured to determine a first threat score by determining content within the data item that matches pre-identified semantic information;
- a dictionary classifier configured to determine a second threat score by determining the content within the data item that matches pre-identified dictionary information;
- a location identifier configured to determine a third threat score by determining the content within the data item that substantially matches geographic location information;
- a content scorer configured to determine whether the combination of the first, second, and third threat scores is greater than a predetermined threshold; and
- a Common Alerting Protocol processor configured to:
  - determine labels for at least one Common Alerting Protocol field using at least some of the content within the data item responsive to the content scorer determining that the combined threat score is greater than the predetermined threshold by:
    - determining a first label for an urgency field within the Common Alerting Protocol data structure based on the threat score and the data item,
    - determining a second label for a severity field within the Common Alerting Protocol data structure based on the threat score and the data item,
    - determining a third label for a category field within the Common Alerting Protocol data structure based on the threat score and the data item, and
    - determining a fourth label for a certainty field within the Common Alerting Protocol data structure based on the threat score and the first data item, and
  - create a Common Alerting Protocol data structure that includes the labels for use by a decision system or security personnel.

Dependent claims: 17, 18, 19, 20.
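The pipeline the claims describe (score unstructured text against pre-identified terms and locations, compare to a threshold, label the CAP urgency, severity, category and certainty fields, build the alert), written out as an added example; this is not the patent's own code. The term weights, location list, threshold, label thresholds and sample report are all constructed, and the output follows the OASIS CAP 1.2 element order.

```python
"""Added example of the claimed unstructured-text to CAP alert pipeline.
Weights, threshold, label cut-offs and the sample report are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Dictionary classifier: pre-identified terms, each tied to a numerical value (constructed).
DICTIONARY = {"explosion": 4.0, "active shooter": 5.0, "evacuate": 3.0,
              "suspicious package": 2.0, "fire": 2.0}
# Location identifier: place names of interest, also weighted (constructed).
LOCATIONS = {"main street": 1.5, "city hall": 2.0}
THRESHOLD = 5.0  # alert only when the combined score exceeds this (constructed)

def threat_score(text):
    """Combine dictionary and location matches into one score (claim 16 also adds a
    semantic classifier; plain substring matching stands in for all classifiers here)."""
    t = text.lower()
    dictionary = sum(v for k, v in DICTIONARY.items() if k in t)
    location = sum(v for k, v in LOCATIONS.items() if k in t)
    return dictionary + location

def cap_labels(score, text):
    """Map score and content to CAP 1.2 enumeration values for the four labelled fields."""
    t = text.lower()
    urgency = "Immediate" if score >= 8 else "Expected"
    severity = "Extreme" if score >= 8 else "Severe" if score >= 5 else "Moderate"
    certainty = "Observed" if any(w in t for w in ("confirmed", "witnessed")) else "Possible"
    category = "Fire" if "fire" in t else "Security"
    return {"urgency": urgency, "severity": severity,
            "category": category, "certainty": certainty}

def build_cap_alert(text, sender, identifier):
    """Return a CAP 1.2 alert as XML text when the score exceeds THRESHOLD, else None."""
    score = threat_score(text)
    if score <= THRESHOLD:
        return None
    labels = cap_labels(score, text)
    alert = ET.Element("alert", xmlns="urn:oasis:names:tc:emergency:cap:1.2")
    ET.SubElement(alert, "identifier").text = identifier
    ET.SubElement(alert, "sender").text = sender
    # CAP requires an explicit UTC offset (e.g. +00:00), which isoformat() supplies.
    ET.SubElement(alert, "sent").text = datetime.now(timezone.utc).isoformat(timespec="seconds")
    ET.SubElement(alert, "status").text = "Actual"
    ET.SubElement(alert, "msgType").text = "Alert"
    ET.SubElement(alert, "scope").text = "Private"
    info = ET.SubElement(alert, "info")
    ET.SubElement(info, "category").text = labels["category"]
    ET.SubElement(info, "event").text = "Unstructured report scored %.1f" % score
    for field in ("urgency", "severity", "certainty"):  # schema order within <info>
        ET.SubElement(info, field).text = labels[field]
    ET.SubElement(info, "description").text = text  # the portion of the data item carried over
    return ET.tostring(alert, encoding="unicode")

if __name__ == "__main__":
    SAMPLE = "Confirmed explosion near City Hall, evacuate now"  # constructed report
    print(build_cap_alert(SAMPLE, "soc@example.invalid", "example-0001"))
```

A report below the threshold yields no alert at all, which is the behaviour the claims' "responsive to the threat score exceeding a predetermined threshold" wording implies.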
Specification