Automated vulnerability intelligence generation and application
First Claim
1. A method comprising:
- obtaining, by a computer system, over a computer network, and from a computer security data provider, distributable vulnerability data comprising, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter,wherein the distributable vulnerability data is derived from an intelligence graph depicting a plurality of attacks by a plurality of attackers against a plurality of entities and comprising a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges,wherein the plurality of fundamental instance nodes include a first fundamental instance node that is associated with common vulnerability and exposure information,wherein the plurality of fundamental instance nodes further include a second fundamental instance node that is associated with one of;
an internet protocol (IP) address,a domain name,a uniform resource locator,a file system path,a software vulnerability,a software,a name of a person,an account handle,an email address,a malware family,an attack campaign,an event,an organization,a network,a file,a country,a region, oran autonomous system number, andwherein the plurality of document nodes include a document node associated with one of;
an intelligence report,a communication,an analysis, ora context;
identifying installed software packages on the computer system;
correlating, by the computer system, a plurality of the installed software packages with the distributable vulnerability data to obtain an identified plurality of installed software packages and respective associated vulnerabilities;
ordering, by the computer system, at least one of the identified plurality of installed software packages and respective associated vulnerabilities according to threat priority parameters to obtain an ordered plurality of installed software packages and associated vulnerabilities; and
providing mitigation information for the ordered plurality of installed software packages and associated vulnerabilities.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques for providing computer security vulnerability intelligence are disclosed. The techniques include obtaining distributable vulnerability data that includes, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, where the distributable vulnerability data was derived from an intelligence graph including a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges. The techniques also include identifying installed software packages on a computer system, correlating a plurality of the installed software packages with the distributable vulnerability data to obtain a plurality of installed software packages and associated vulnerabilities, ordering at least some of the plurality of installed software packages and associated vulnerabilities according to threat priority parameters, such that an ordered plurality of installed software packages and associated vulnerabilities is obtained, and providing mitigation information for the ordered plurality of installed software packages and associated vulnerabilities.
111 Citations
20 Claims
-
1. A method comprising:
-
obtaining, by a computer system, over a computer network, and from a computer security data provider, distributable vulnerability data comprising, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, wherein the distributable vulnerability data is derived from an intelligence graph depicting a plurality of attacks by a plurality of attackers against a plurality of entities and comprising a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges, wherein the plurality of fundamental instance nodes include a first fundamental instance node that is associated with common vulnerability and exposure information, wherein the plurality of fundamental instance nodes further include a second fundamental instance node that is associated with one of; an internet protocol (IP) address, a domain name, a uniform resource locator, a file system path, a software vulnerability, a software, a name of a person, an account handle, an email address, a malware family, an attack campaign, an event, an organization, a network, a file, a country, a region, or an autonomous system number, and wherein the plurality of document nodes include a document node associated with one of; an intelligence report, a communication, an analysis, or a context; identifying installed software packages on the computer system; correlating, by the computer system, a plurality of the installed software packages with the distributable vulnerability data to obtain an identified plurality of installed software packages and respective associated vulnerabilities; ordering, by the computer system, at least one of the identified plurality of installed software packages and respective associated vulnerabilities according to threat priority parameters to obtain an ordered plurality of installed software packages and associated vulnerabilities; and providing mitigation information for the ordered plurality of installed software packages and associated vulnerabilities. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising:
one or more electronic processors to; obtain, over a computer network and from a computer security data provider, distributable vulnerability data comprising, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, wherein the distributable vulnerability data is derived from an intelligence graph depicting a plurality of attacks by a plurality of attackers against a plurality of entities and comprising a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges, wherein the plurality of fundamental instance nodes include a first fundamental instance node that is associated with common vulnerability and exposure information, wherein the plurality of fundamental instance nodes further include a second fundamental instance node that is associated with one of; an internet protocol (IP) address, a domain name, a uniform resource locator, a file system path, a software vulnerability, a software, a name of a person, an account handle, an email address, a malware family, an attack campaign, an event, an organization, a network, a file, a country, a region, or an autonomous system number, and wherein the plurality of document nodes include a document node associated with one of; an intelligence report, a communication, an analysis, or a context; identify installed software packages on the system; correlate a plurality of the installed software packages with the distributable vulnerability data to obtain an identified plurality of installed software packages and respective associated vulnerabilities; order at least one of the identified plurality of installed software packages and respective associated vulnerabilities according to threat priority parameters to obtain an ordered plurality of installed software packages and respective associated vulnerabilities is obtained; and provide mitigation information for the ordered plurality of installed software packages and associated vulnerabilities. - View Dependent Claims (7, 8, 9, 10)
-
11. A method comprising:
-
obtaining an intelligence graph, depicting a plurality of attacks by a plurality of attackers against a plurality of entities, and comprising a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges; deriving, from the intelligence graph, distributable vulnerability data comprising, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, wherein the plurality of fundamental instance nodes include a first fundamental instance node that is associated with common vulnerability and exposure information, wherein the plurality of fundamental instance nodes include a second fundamental instance node that is associated with one of; an internet protocol (IP) address, a domain name, a uniform resource locator, a file system path, a software vulnerability, a software, a name of a person, an account handle, an email address, a malware family, an attack campaign, an event, an organization, a network, a file, a country, a region, or an autonomous system number, and wherein the plurality of document nodes include a document node associated with one of; an intelligence report, a communication, an analysis, or a context; and providing, over a computer network, the distributable vulnerability data to an entity having a computer system with installed software packages to correlate a plurality of the installed software packages with the distributable vulnerability data to obtain an identified plurality of installed software packages and respective associated vulnerabilities and to order at least one of the identified plurality of installed software packages and associated vulnerabilities according to threat priority parameters, to obtain an ordered plurality of installed software packages and associated vulnerabilities and mitigation information for the ordered plurality of installed software packages and associated vulnerabilities. - View Dependent Claims (12, 13, 14, 15)
-
-
16. An electronic computer system comprising:
one or more electronic processors to; obtain an intelligence graph depicting a plurality of attacks by a plurality of attackers against a plurality of entities and comprising a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges; derive, from the intelligence graph, distributable vulnerability data comprising, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, wherein the plurality of fundamental instance nodes include a first fundamental instance node that is associated with common vulnerability and exposure information, wherein the plurality of fundamental instance nodes further include a second fundamental instance node that is associated with one of; an internet protocol (IP) address, a domain name, a uniform resource locator, a file system path, a software vulnerability, a software, a name of a person, an account handle, an email address, a malware family, an attack campaign, an event, an organization, a network, a file, a country, a region, or an autonomous system number, and wherein the plurality of document nodes include a document node associated with one of; an intelligence report, a communication, an analysis, or a context; and provide, over a computer network, the distributable vulnerability data to an entity having a computer system with installed software packages to correlate a plurality of the installed software packages with the distributable vulnerability data to obtain an identified plurality of installed software packages and associated vulnerabilities and to order at least one of the identified plurality of installed software packages and associated vulnerabilities according to threat priority parameters, whereby the entity obtains an ordered plurality of installed software packages and associated vulnerabilities and mitigation information for the ordered plurality of installed software packages and associated vulnerabilities. - View Dependent Claims (17, 18, 19, 20)
Specification