Systems and methods for automated threat detection
US11528294B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Feb 18, 2021 |
| Grant date | Dec 13, 2022 |
| Priority date | — |
| Expiry date | Feb 18, 2041 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N20/20
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Systems and methods for dynamically training a threat detection system include monitoring security analyst workflow data from security analysts analyzing scans of security logs. The workflow data includes rules applied to security log scan results, rule results selected for further analysis, tags applied to rule results, filters applied to rule results, rankings applied to rule results, or actions associated with a pivot by security analysts. A tagging classifier is then trained based on tags assigned to scan results. A review classifier is trained based on scan results previously reviewed by security analysts. A filter and ranking method is trained based on filters and rankings applied to the scan results. An automated threat hunting playbook is generated including the tagging classifier, the review classifier, and the filter and ranking method. The automated threat hunting playbook generates one or more scripts to automatically analyze incoming security data.
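The abstract describes a pipeline with three learned parts (a tagging classifier, a review classifier, and a filter-and-ranking rule) bundled into a playbook that processes incoming scan results. The following is an added toy illustration of that pipeline, not the patent's implementation or the assignee's code: the analyst workflow records, log lines, tag names, the naive Bayes token model and the scoring rule are all constructed assumptions chosen so the example runs offline.

```python
"""Toy automated threat-hunting playbook learned from analyst workflow data.

Added example illustrating the abstract's pipeline; not the patent's own
implementation.  Log lines, tags, field names and scoring are assumptions."""
import math
from collections import Counter, defaultdict


def tokens(text):
    """Split a key=value scan-result line into lowercase tokens."""
    return text.lower().replace("=", " ").split()


class NaiveBayes:
    """Multinomial naive Bayes over tokens with add-one smoothing."""

    def __init__(self):
        self.class_counts = Counter()
        self.token_counts = defaultdict(Counter)
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            self.class_counts[label] += 1
            for t in tokens(text):
                self.token_counts[label][t] += 1
                self.vocab.add(t)
        return self

    def predict_proba(self, text):
        total = sum(self.class_counts.values())
        logp = {}
        for label, n in self.class_counts.items():
            denom = sum(self.token_counts[label].values()) + len(self.vocab)
            s = math.log(n / total)
            for t in tokens(text):
                s += math.log((self.token_counts[label][t] + 1) / denom)
            logp[label] = s
        m = max(logp.values())                      # log-sum-exp for stability
        w = {k: math.exp(v - m) for k, v in logp.items()}
        z = sum(w.values())
        return {k: v / z for k, v in w.items()}

    def predict(self, text):
        p = self.predict_proba(text)
        return max(p, key=p.get)


# Constructed analyst workflow data: one scan result per record, with the tag
# the analyst applied and whether they selected it for further review.
WORKFLOW = [
    {"result": "event=4625 user=admin src=10.0.0.5 status=failed_logon", "tag": "brute_force", "reviewed": True},
    {"result": "event=4625 user=root src=10.0.0.9 status=failed_logon", "tag": "brute_force", "reviewed": True},
    {"result": "event=4688 process=powershell.exe cmdline=-enc", "tag": "suspicious_script", "reviewed": True},
    {"result": "event=4688 process=powershell.exe cmdline=-nop", "tag": "suspicious_script", "reviewed": True},
    {"result": "event=4624 user=svc_backup src=10.0.0.2 status=success", "tag": "benign", "reviewed": False},
    {"result": "event=4624 user=jsmith src=10.0.0.3 status=success", "tag": "benign", "reviewed": False},
]


class Playbook:
    """Bundles the tagging classifier, review classifier and filter/ranking rule."""

    def __init__(self, tagger, reviewer, filtered_tags, tag_weights):
        self.tagger, self.reviewer = tagger, reviewer
        self.filtered_tags, self.tag_weights = filtered_tags, tag_weights

    def run(self, results):
        """Tag, filter and rank incoming scan results, highest priority first."""
        ranked = []
        for r in results:
            tag = self.tagger.predict(r)
            if tag in self.filtered_tags:   # learned filter: analysts never reviewed this tag
                continue
            p_review = self.reviewer.predict_proba(r).get("reviewed", 0.0)
            score = p_review * self.tag_weights.get(tag, 0.0)
            ranked.append({"result": r, "tag": tag, "score": round(score, 4)})
        return sorted(ranked, key=lambda x: x["score"], reverse=True)

    def script(self):
        """Emit the playbook as ordered steps an automation job could execute."""
        return [f"drop results tagged {sorted(self.filtered_tags)}",
                "tag remaining results with the tagging classifier",
                "score each result by P(reviewed) * learned tag weight",
                "queue results in descending score order"]


def train_playbook(workflow):
    """Train all three components from the analyst workflow records."""
    tagger = NaiveBayes().fit([(w["result"], w["tag"]) for w in workflow])
    reviewer = NaiveBayes().fit(
        [(w["result"], "reviewed" if w["reviewed"] else "skipped") for w in workflow])
    per_tag = defaultdict(list)
    for w in workflow:
        per_tag[w["tag"]].append(w["reviewed"])
    tag_weights = {t: sum(v) / len(v) for t, v in per_tag.items()}  # fraction reviewed
    filtered = {t for t, wgt in tag_weights.items() if wgt == 0.0}
    return Playbook(tagger, reviewer, filtered, tag_weights)


INCOMING = [  # constructed incoming scan results
    "event=4624 user=mlee src=10.0.0.4 status=success",
    "event=4625 user=guest src=10.0.0.7 status=failed_logon",
    "event=4688 process=powershell.exe cmdline=-w hidden",
]

if __name__ == "__main__":
    pb = train_playbook(WORKFLOW)
    for step in pb.script():
        print("-", step)
    for hit in pb.run(INCOMING):
        print(hit)
```

The design point worth noticing is that the filter is learned rather than hand-written: a tag whose results analysts never selected for review is dropped automatically, and the ranking weight for each remaining tag is the fraction of its results that were reviewed. In a real deployment the same workflow signals would be noisier and the classifiers would need retraining as analyst behaviour drifts, which is the "dynamic" part of the abstract.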
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.