Correlation-based security threat analysis
US11848948B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 18, 2020 |
| Grant date | Dec 19, 2023 |
| Priority date | — |
| Expiry date | Jan 19, 2042 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2009/45595
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer system may map the network alert information to threat information that specifies indicator(s) of compromise associated with the signature(s) and perform a correlation analysis based on the event information, network alert information and threat information. Based on the correlation analysis, it is determined whether there is a potential security threat associated with the virtualized computing instance.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.