Associations among data records in a security information sharing platform
First Claim
1. A method for creating associations among data records in a security information sharing platform, the method comprising:
- determining, by a processor in a security information sharing platform that enables sharing of security information among a plurality of users, a number of sightings of a first observable by members of a particular group of users, wherein the first observable is included in a first security indicator;
determining, by the processor, whether the number of sightings of the first observable exceeds a predetermined threshold;
prior to receiving a search query, the processor generating a first association between the first security indicator and a first data record in response to a determination that the number of sightings of the first observable exceeds the predetermined threshold, wherein the first data record represents the particular group of users;
after generating the first association, the processor receiving the search query, wherein the search query specifies the first security indicator; and
identifying, by the processor, a set of data records that satisfy the search query using the first association, the set of data records including the first data record.
7 Assignments
0 Petitions
Accused Products
Abstract
Examples disclosed herein relate to associations among data records in a security information sharing platform. Some examples may enable creating, in the security information sharing platform that enables sharing of security information among a plurality of users, an association between a first security indicator comprising a first observable and a first data record based on sightings of the first observable by at least one source entity associated with the first data record. Some examples may further enable obtaining a search query that specifies the first security indicator, and identifying a set of data records that satisfy the search query. The set of data records may include the first data record.
30 Citations
20 Claims
-
1. A method for creating associations among data records in a security information sharing platform, the method comprising:
-
determining, by a processor in a security information sharing platform that enables sharing of security information among a plurality of users, a number of sightings of a first observable by members of a particular group of users, wherein the first observable is included in a first security indicator; determining, by the processor, whether the number of sightings of the first observable exceeds a predetermined threshold; prior to receiving a search query, the processor generating a first association between the first security indicator and a first data record in response to a determination that the number of sightings of the first observable exceeds the predetermined threshold, wherein the first data record represents the particular group of users; after generating the first association, the processor receiving the search query, wherein the search query specifies the first security indicator; and identifying, by the processor, a set of data records that satisfy the search query using the first association, the set of data records including the first data record. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory machine-readable storage medium comprising instructions executable by a processor of a computing device for creating associations among data records in a security information sharing platform, the machine-readable storage medium comprising:
-
instructions to determine a number of sightings of a first observable by members of a particular group of users, wherein the first observable is included in a first security indicator; instructions to determine whether the number of sightings of the first observable exceeds a predetermined threshold; instructions to create, prior to receiving a search query, a first association between the first security indicator comprising the first observable and a first data record in response to a determination that the number of sightings of the first observable exceeds the predetermined threshold, wherein the first data record represents the particular group of users; instructions to, after creating the first association, receive the search query, wherein the search query specifies the first security indicator; and instructions to, in response to the search query, provide the first data record using the first association. - View Dependent Claims (9, 10, 11, 18, 19, 20)
-
-
12. A system for creating associations among data records in a security information sharing platform comprising:
a processor to; determine, in a security information sharing platform that enables sharing of security information among a plurality of users, a number of sightings of a first observable by members of a particular group of users, wherein the first observable is included in a security indicator; prior to receiving a search query, in response to a determination that the number of sightings of the first observable exceeds a predetermined threshold, generate a first association between the security indicator comprising the first observable and a first data record, wherein the first data record represents the particular group of users; after generating the first association, receive the search query, wherein the search query specifies the security indicator; identify a set of data records that satisfy the search query, the set of data records including the first data record; and provide a visual representation of associations between the security indicator and the set of data records. - View Dependent Claims (13, 14, 15, 16, 17)
Specification