Abstract: Systems and techniques are provided for creating sensor based rules for detecting and responding to malicious activity. Evidence corresponding to a malicious activity is received. The evidence corresponding to malicious activity is analyzed. Indicators are identified from the evidence. The indicators are extracted from the evidence. It is determined that an action to mitigate or detect a threat needs to be taken based on the indicators and evidence. A sensor to employ the prescribed action is identified. Whether a sensor based rule meets a threshold requirement is validated. A configuration file used to task the sensor based rule to the identified sensor is created. The number of sensor based rule triggers is tracked.
Type:
Grant
Filed:
January 16, 2018
Date of Patent:
December 10, 2019
Assignee:
Analyst Platform, LLC
Inventors:
Russell Scott Messick, Jason Daniel Smith
Abstract: Systems and techniques are provided for creating sensor based rules for detecting and responding to malicious activity. Evidence corresponding to a malicious activity is received. The evidence corresponding to malicious activity is analyzed. Indicators are identified from the evidence. The indicators are extracted from the evidence. It is determined that an action to mitigate or detect a threat needs to be taken based on the indicators and evidence. A sensor to employ the prescribed action is identified. Whether a sensor based rule meets a threshold requirement is validated. A configuration file used to task the sensor based rule to the identified sensor is created. The number of sensor based rule triggers is tracked.
Type:
Grant
Filed:
January 24, 2017
Date of Patent:
January 16, 2018
Assignee:
Analyst Platform, LLC
Inventors:
Russell Scott Messick, Jason Daniel Smith
Abstract: Systems and techniques are provided for creating sensor based rules for detecting and responding to malicious activity. Evidence corresponding to a malicious activity is received. The evidence corresponding to malicious activity is analyzed. Indicators are identified from the evidence. The indicators are extracted from the evidence. It is determined that an action to mitigate or detect a threat needs to be taken based on the indicators and evidence. A sensor to employ the prescribed action is identified. Whether a sensor based rule meets a threshold requirement is validated. A configuration file used to task the sensor based rule to the identified sensor is created. The number of sensor based rule triggers is tracked.
Type:
Grant
Filed:
October 6, 2014
Date of Patent:
February 28, 2017
Assignee:
Analyst Platform, LLC
Inventors:
Russell Scott Messick, Jason Daniel Smith