Abstract: A multi-enterprise system for selecting custom high-value sets of SIEM rules for individual member enterprises communicates with member enterprises via network connections. User interfaces are implemented to enable member enterprises to access the system for search, download, and other functions. Advanced rule identification using a sophisticated security knowledge graph enhances processing efficiency and effectiveness.

Abstract: Described are platforms, systems, and methods for providing a set of detection rules for a security threat. In one aspect, a method comprises receiving, from an interface, a request for a set of detection rules to detect a specified security threat, the request comprising a threat landscape of an enterprise; processing the request through a machine-learning model to determine the set of detection rules, the machine-learning model trained with threat context data and other detection rules provided by a plurality of other enterprises; wherein each detection rule is included in the set of detection rules based on a relevance factor meeting a threshold, and wherein the relevance factor for each respective detection rule is determined based on an efficacy of detecting the security threat within the threat landscape; and providing, through the interface, the set of detection rules.

Abstract: Described are platforms, systems, and methods for providing a threat scenario rule to detect a specified threat scenario use case. In one aspect, a method comprises: receiving, from an interface, a set of threat detection parameters; determining a set of recommended threat identifier use cases from a plurality of threat identifier use cases based on the set of threat detection parameters; providing, to the interface, the set of recommended threat identifier use cases; receiving, from the interface, a threat scenario use case comprising a selection of the set of recommended threat identifier use cases; determining a threat scenario rule comprising logic to detect the threat scenario use case; and providing the threat scenario rule to the interface.

Abstract: Described are platforms, systems, and methods for sharing detection logic through a cloud-based exchange platform. In one aspect, a method comprises receiving detection logic from an enterprise; standardizing the detection logic based on a plurality of security frameworks to define attacks and classify protection techniques; processing the standardized detection logic through a machine-learning model to curate and improve the detection logic, the machine-learning model trained with active telemetry regarding a performance of the detection logic in an operating environment; and providing the standardized detection logic and the active telemetry to an interface.