SYSTEMS AND METHODS FOR AUTOMATED RETRIEVAL, PROCESSING, AND DISTRIBUTION OF CYBER-THREAT INFORMATION
Abstract
Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information in second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device. The cyber-threat device may automatically report information concerning the processed items of cyber-threat information to a device of a user with a reporting component of the cyber-threat device.
46 Claims
1-26. (canceled)
27. A cyber-threat network device for automated processing of cyber-threat information, comprising:
a network adapter configured to receive:
  first cyber-threat information in a first format from an internal cyber-threat information source over a private network, the internal cyber-threat information source comprising a network component of an entity system, the network component configured to provide, using an Application Program Interface (API) exposed by the network component, at least some of the first cyber-threat information; and
  second cyber-threat information in a second format from an external cyber-threat information source over an external network;
a processor configured to:
  process the first cyber-threat information and the second cyber-threat information into processed cyber-threat information in a standard format, the standard format comprising at least one data marking indicating a categorization of the first cyber-threat information and the second cyber-threat information;
  extract, from the first cyber-threat information and the second cyber-threat information, information identifying the processed cyber-threat information based on stored identification criteria;
  enforce policy rules specifying at least one of:
    a user authorized to access the processed cyber-threat information;
    a type of processed cyber-threat information that may be accessed;
    methods of access to the processed cyber-threat information; or
    permissible uses of accessed items of the processed cyber-threat information; and
  distribute the processed cyber-threat information in the standard format to a distributor using an API exposed by the distributor.
Dependent claims: 28-41.
42. A cyber-threat network device for automated processing of cyber-threat information, comprising:
a network adapter configured to receive:
  first cyber-threat information in a first format from an internal cyber-threat information source over a private network, the internal cyber-threat information source comprising a network component of an entity system, the network component configured to provide, using an Application Program Interface (API) exposed by the network component, at least some of the first cyber-threat information; and
  second cyber-threat information in a second format from an external cyber-threat information source over an external network;
a processor configured to:
  process the first cyber-threat information and the second cyber-threat information into processed cyber-threat information in a standard format, the standard format comprising at least one data marking that indicates a categorization of the first cyber-threat information and the second cyber-threat information;
  automatically generate reports using the first cyber-threat information and the second cyber-threat information; and
  distribute the processed cyber-threat information in the standard format to a distributor using an API exposed by the distributor; and
a non-transitory memory configured to store the first cyber-threat information, the second cyber-threat information, and the processed cyber-threat information.
Dependent claims: 43-46.
Specification