Electronic device for aggregation, correlation and consolidation of analysis attributes
Abstract
In communication with security appliances, an electronic device for providing a holistic view of a malware attack is described. The electronic device features one or more processors and a storage device. The storage device includes aggregation logic, correlation logic, consolidation logic, and display logic. The aggregation logic is configured to receive input attributes and analysis attributes from each of the security appliances. The correlation logic attempts to find relationships between analysis attributes provided from each security appliance. The consolidation logic receives at least (i) a first analysis attribute from a first security appliance and (ii) a second analysis attribute from a second security appliance in response to the first analysis attribute corresponding to the second analysis attribute. The display logic generates display information including the consolidated input attributes.
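The aggregation, correlation, consolidation and display steps described in the abstract, sketched as an added Python example (not code from the patent or its assignee). The report layout, appliance names and sample values are constructed, and exact matching of normalized analysis attributes stands in for the similarity determination, which the abstract does not specify.

```python
from collections import defaultdict

# Constructed sample reports; appliance names, field names and values are illustrative.
REPORTS = [
    {"appliance": "web-appliance",
     "input": {"src_ip": "203.0.113.7", "dst_ip": "10.0.0.21", "url": "http://files.example/a.pdf"},
     "analysis": ["sha256:AAAA1111", "behavior:registry-run-key-write"]},
    {"appliance": "email-appliance",
     "input": {"sender": "billing@mail.example", "recipient": "user@corp.example"},
     "analysis": ["SHA256:aaaa1111 "]},
    {"appliance": "file-appliance",
     "input": {"src_ip": "10.0.0.21", "dst_ip": "10.0.0.35"},
     "analysis": ["behavior:registry-run-key-write", "behavior:outbound-callback"]},
]

def aggregate(reports):
    """Aggregation: index each report under its normalized analysis attributes."""
    index = defaultdict(list)
    for report in reports:
        for attr in {a.strip().lower() for a in report["analysis"]}:
            index[attr].append(report)
    return index

def correlate(index):
    """Correlation (assumed rule): attribute seen by two or more distinct appliances."""
    return {attr: reports for attr, reports in index.items()
            if len({r["appliance"] for r in reports}) >= 2}

def consolidate(correlated):
    """Consolidation: merge the input attributes of all related reports."""
    result = {}
    for attr, reports in correlated.items():
        merged = defaultdict(set)
        for report in reports:
            for key, value in report["input"].items():
                merged[key].add(value)
        result[attr] = {"appliances": sorted({r["appliance"] for r in reports}),
                        "input": {k: sorted(v) for k, v in merged.items()}}
    return result

def display_rows(consolidated):
    """Display: one row per correlated analysis attribute."""
    return [f"{attr} | {', '.join(c['appliances'])} | "
            + "; ".join(f"{k}={','.join(v)}" for k, v in sorted(c["input"].items()))
            for attr, c in sorted(consolidated.items())]

if __name__ == "__main__":
    print("\n".join(display_rows(consolidate(correlate(aggregate(REPORTS))))))
```

In the consolidated row for the shared behavior, 10.0.0.21 appears both as a destination and as a source, which is the kind of host-to-host movement the consolidated view is meant to surface.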
18 Claims
1. An electronic device for detecting a malware attack and controlling a display of information associated with a migration of suspicious network content during the malware attack, the electronic device comprising:
- a processor;
- a communication interface logic communicatively coupled to the processor; and
- a storage device communicatively coupled to the processor, the storage device comprises
  - aggregation logic that, when processed by the processor, receives analytic data from each of a plurality of systems via the communication interface logic, the analytic data from each system of the plurality of systems comprises one or more input attributes being information used in routing of the suspicious network content over a network and one or more analysis attributes being (a) a portion of the suspicious network content or (b) at least one anomalous behavior observed during prior analysis of the portion of the suspicious network content,
  - correlation logic that, when processed by the processor and responsive to receiving the analytic data from each of the plurality of systems, attempts to find relationships between the one or more analysis attributes provided from each system of the plurality of systems based on determined similarities between the one or more analysis attributes,
  - consolidation logic that, when processed by the processor, consolidates input attributes of the one or more input attributes associated with at least (i) a first analysis attribute of the one or more analysis attributes from a first system of the plurality of systems and (ii) a second analysis attribute of the one or more analysis attributes from a second system of the plurality of systems in response to detected similarities between the first analysis attribute and the second analysis attribute, and
  - display logic that, when processed by the processor, generates display information including the consolidated input attributes.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. In communication with a plurality of security appliances, an electronic device for providing a holistic view of a malware attack, the electronic device comprising:
- a processor;
- a storage device communicatively coupled to the processor, the storage device comprises
  - aggregation logic that, when processed by the processor, receives one or more input attributes being information used in routing of suspicious network content over a network and one or more analysis attributes from each of the plurality of security appliances, wherein the one or more analysis attributes being (a) a portion of the suspicious network content or (b) at least one anomalous behavior observed during analysis of the portion of the suspicious network content in the plurality of security appliances,
  - correlation logic that, when processed by the processor, attempts to find relationships between the one or more analysis attributes provided from each security appliance of the plurality of security appliances,
  - consolidation logic that, when processed by the processor, receives at least (i) a first analysis attribute from a first security appliance of the plurality of security appliances and (ii) a second analysis attribute of the one or more analysis attributes from a second security appliance of the plurality of security appliances in response to the first analysis attribute corresponding to the second analysis attribute, and consolidates input attributes of the one or more input attributes associated with the first analysis attribute and the second analysis attribute, and
  - display logic that, when processed by the processor, generates display information including the consolidated input attributes.

Dependent claims: 13, 14, 15, 16, 17, 18

Specification