Patent · US Active

Systems and methods for intelligent cybersecurity alert similarity detection and cybersecurity alert handling

US11693959B2 · kind B2 · utility

Cited by: 0
References: 1
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 23, 2022
Grant date: Jul 4, 2023
Priority date
Expiry date: Nov 23, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/602
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system and method for generating event-specific handling instructions for accelerating a threat mitigation of a cybersecurity event includes identifying a cybersecurity event; generating a cybersecurity event digest based on the cybersecurity event; computing a cybersecurity hashing-based signature of the cybersecurity event based on the cybersecurity event digest; searching, based on the distinct cybersecurity hashing-based signature of the cybersecurity event, an n-dimensional space comprising a plurality of historical cybersecurity event hashing-based signatures; returning one or more historical cybersecurity events or historical cybersecurity alerts homogeneous to the cybersecurity event based on the search; deriving one or more cybersecurity event-specific handling actions for the cybersecurity event based on identifying a threat handling action corresponding to each of the one or more historical cybersecurity events or historical cybersecurity alerts homogeneous to the cybersecurity event; and executing one or more cybersecurity threat mitigation actions to resolve or mitigate the cybersecurity event.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.