Unstructured security threat information analysis
First Claim
1. A computer-implemented method comprising:
- receiving, by an analysis system that includes one or more computers, a plurality of unstructured textual datasets that each include information about a respective potential security threat;
- determining that a first subset of the plurality of unstructured textual datasets and a second, different subset of the plurality of unstructured textual datasets both comprise information about a particular threat, the second, different subset being a different subset than the first subset;
- discarding the first subset in response to determining that the first subset of the plurality of unstructured textual datasets and the second, different subset of the plurality of unstructured textual datasets both comprise information about the particular threat;
- for each respective subset in the plurality of unstructured textual datasets that has not been discarded:
  - identifying, by the analysis system, one or more keywords in the respective subset;
  - determining, by the analysis system, one or more patterns included in the respective subset using the identified one or more keywords;
  - identifying, by the analysis system, one or more intelligence types that correspond with the respective subset using the one or more patterns; and
  - associating, by the analysis system for each respective intelligence type of the identified one or more intelligence types, the respective subset from the plurality of unstructured textual datasets with the respective intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the second subset of the plurality of unstructured textual datasets is associated with the particular intelligence type; and
- providing the second subset of the plurality of unstructured textual datasets that is associated with the particular intelligence type to the third party.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.
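As an added illustration (not code from the patent or its assignee), the following Python example walks the steps named in the abstract and the first claim: discard the earlier of two reports about the same threat, identify keywords, derive patterns from them, map patterns to intelligence types, and route by per-recipient rule. The keyword, pattern, type and rule tables, the recipient names, the CVE-based notion of "same threat" and the sample reports are all assumptions constructed for the example.

```python
import re

# Every table here is constructed for illustration; the page names no
# keywords, patterns, intelligence types or third parties.
KEYWORDS = {"cve", "exploit", "patch", "phishing", "credentials"}
PATTERNS = {                      # pattern -> keywords that must all be present
    "exploited_vuln": {"cve", "exploit"},
    "vendor_fix": {"cve", "patch"},
    "credential_lure": {"phishing", "credentials"},
}
INTEL_TYPES = {                   # pattern -> intelligence type
    "exploited_vuln": "vulnerability",
    "vendor_fix": "vulnerability",
    "credential_lure": "phishing_campaign",
}
RULES = {"acme-soc": {"vulnerability"}, "mail-team": {"phishing_campaign"}}
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)

def keywords(text):
    return KEYWORDS & set(re.findall(r"[a-z]+", text.lower()))

def threat_key(text):
    """Assumed test for 'same threat': shared CVE id, else same keyword set."""
    m = CVE_RE.search(text)
    return m.group(0).upper() if m else frozenset(keywords(text))

def deduplicate(reports):
    """Keep the later report per threat; the earlier one is discarded."""
    latest = {}
    for text in reports:
        # A report with no keywords gets a unique key so it is never merged.
        latest[threat_key(text) or object()] = text
    return list(latest.values())

def classify(text):
    found = keywords(text)
    return {INTEL_TYPES[p] for p, need in PATTERNS.items() if need <= found}

def route(reports):
    """Return {third_party: [reports]} for the surviving reports, per RULES."""
    out = {party: [] for party in RULES}
    for text in deduplicate(reports):
        types = classify(text)
        for party, wanted in RULES.items():
            if types & wanted:
                out[party].append(text)
    return out

REPORTS = [  # constructed sample inputs; the CVE id is a placeholder
    "Forum post: exploit code for CVE-2099-0001 is circulating.",
    "Vendor advisory: patch released for cve-2099-0001 after exploit reports.",
    "Phishing wave asks staff to re-enter credentials on a fake portal.",
    "Weather is nice today.",
]
```

Calling `route(REPORTS)` delivers only the later CVE report to `acme-soc` and the phishing report to `mail-team`; the unclassified report reaches no one.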
21 Claims
8. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
- receiving a plurality of unstructured textual datasets that each include information about a respective potential security threat;
- determining that a first subset of the plurality of unstructured textual datasets and a second, different subset of the plurality of unstructured textual datasets both comprise information about a particular threat, the second, different subset being a different subset than the first subset;
- discarding the first subset in response to determining that the first subset of the plurality of unstructured textual datasets and the second, different subset of the plurality of unstructured textual datasets both comprise information about the particular threat;
- for each respective subset in the plurality of unstructured textual datasets that has not been discarded:
  - identifying one or more keywords in the respective subset;
  - determining one or more patterns included in the respective subset using the identified one or more keywords; and
  - identifying one or more intelligence types that correspond with the respective subset using the one or more patterns; and
  - associating, for each respective intelligence type of the identified one or more intelligence types, the respective subset from the plurality of unstructured textual datasets with the respective intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the second subset of the plurality of unstructured textual datasets is associated with the particular intelligence type; and
- providing the second subset of the plurality of unstructured textual datasets that is associated with the particular intelligence type to the third party.
15. A computer storage medium encoded with instructions that, when executed by a user device, cause the user device to perform operations comprising:
- receiving a plurality of unstructured textual datasets that each include information about a respective potential security threat;
- determining that a first subset of the plurality of unstructured textual datasets and a second, different subset of the plurality of unstructured textual datasets both comprise information about a particular threat, the second, different subset being a different subset than the first subset;
- discarding the first subset in response to determining that the first subset of the plurality of unstructured textual datasets and the second, different subset of the plurality of unstructured textual datasets both comprise information about the particular threat;
- for each respective subset in the plurality of unstructured textual datasets that has not been discarded:
  - identifying one or more keywords in the respective subset;
  - determining one or more patterns included in the respective subset using the identified one or more keywords;
  - identifying one or more intelligence types that correspond with the respective subset using the one or more patterns; and
  - associating, for each respective intelligence type of the identified one or more intelligence types, the respective subset from the plurality of unstructured textual datasets with the respective intelligence type;
- determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
- determining that the second subset of the plurality of unstructured textual datasets is associated with the particular intelligence type; and
- providing the second subset of the plurality of unstructured textual datasets that is associated with the particular intelligence type to the third party.
Specification