Patent · US Active

Systems and methods of information security monitoring with third-party indicators of compromise

US11245730B2 · kind B2 · utility

Cited by: 33
References: 5
Claims: 20
Family size: 0

Assignee

Inventor

Key dates

Filing date: Nov 8, 2019
Grant date: Feb 8, 2022
Priority date:
Expiry date: Apr 14, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/145
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements. These include complex security definitions, such as those having a nested Boolean structure and/or those that reference one or more other security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. When evaluated, the executable rule produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
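The pipeline the abstract describes, as an added illustration that is not code from the patent or its assignee: two third-party IOC feeds in different formats are normalised into one internal definition format, composed into a nested Boolean definition that also requires a behavioral rule, compiled into an executable rule with a whitelist exception, and evaluated against endpoint events. The feed formats, field names, indicator values and event shape are all constructed for this example.

```python
import csv
import io
import json
from typing import Callable

Rule = Callable[[dict], bool]

# Constructed third-party feeds in two disparate formats (not real indicators).
FEED_JSON = '[{"type": "sha256", "value": "ab12cd"}, {"type": "domain", "value": "bad.example"}]'
FEED_CSV = "kind,indicator\nip,203.0.113.5\ndomain,cdn.example\n"

def import_feed(raw: str, fmt: str) -> list[dict]:
    """Convert a third-party IOC feed into internal {'ioc_type', 'value'} definitions."""
    if fmt == "json":
        return [{"ioc_type": r["type"], "value": r["value"]} for r in json.loads(raw)]
    if fmt == "csv":
        return [{"ioc_type": r["kind"], "value": r["indicator"]}
                for r in csv.DictReader(io.StringIO(raw))]
    raise ValueError(f"unsupported feed format: {fmt!r}")

def compile_node(node: dict) -> Rule:
    """Recursively compile a nested Boolean security definition into a predicate."""
    if "any" in node:
        subs = [compile_node(n) for n in node["any"]]
        return lambda ev: any(r(ev) for r in subs)
    if "all" in node:
        subs = [compile_node(n) for n in node["all"]]
        return lambda ev: all(r(ev) for r in subs)
    if "behavior" in node:  # behavioral rule: the event must carry this behaviour tag
        return lambda ev: node["behavior"] in ev.get("behaviors", ())
    return lambda ev: ev.get(node["ioc_type"]) == node["value"]  # plain IOC match

def compile_definition(defn: dict, whitelist: list[dict]) -> Callable[[dict], str]:
    """Executable rule: returns the definition's action on a match, or 'allow' when
    nothing matches or a whitelist entry exempts the event."""
    body = compile_node(defn["match"])
    exempt = compile_node({"any": whitelist}) if whitelist else (lambda ev: False)
    return lambda ev: defn["action"] if body(ev) and not exempt(ev) else "allow"

def demo() -> tuple[str, str, str]:
    iocs = import_feed(FEED_JSON, "json") + import_feed(FEED_CSV, "csv")
    defn = {"action": "quarantine",
            "match": {"all": [{"any": iocs}, {"behavior": "spawned_shell"}]}}
    whitelist = [{"ioc_type": "domain", "value": "cdn.example"}]  # known-good exception
    rule = compile_definition(defn, whitelist)
    hit = {"domain": "bad.example", "behaviors": ["spawned_shell"]}
    no_behavior = {"domain": "bad.example", "behaviors": []}
    whitelisted = {"domain": "cdn.example", "behaviors": ["spawned_shell"]}
    return rule(hit), rule(no_behavior), rule(whitelisted)
```

The third event shows why the whitelist matters: a feed entry that is really a benign CDN domain would otherwise trigger the action whenever the behavioral condition is also met.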

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.