Abstract: A new cybersecurity incident is registered at a security incident response platform. At a playbook generation system, details are received of the new cybersecurity incident from the security incident response platform. At least some of the details correspond to a set of features of the new cybersecurity incident. A set or subset of nearest neighbors of the new cybersecurity incident is localized in a feature space. The nearest neighbors of the new cybersecurity incident are other cybersecurity incidents having a distance from the new cybersecurity incident within the feature space that is defined by differences in features of the nearest neighbors with respect to the set of features of the new cybersecurity incident. A custom playbook is created for responding to the new cybersecurity incident.
Type:
Grant
Filed:
October 7, 2019
Date of Patent:
October 11, 2022
Assignee:
Sumo Logic Italy S.p.A
Inventors:
Dario Valentino Forte, Michele Zambelli, Vojtech Letal
Abstract: A method and apparatus for controlling digital evidence comprising creating a case record comprising information about an investigative case, electronically storing at least one piece of digital evidence into memory, and associating the stored at least one piece of evidence with the case record.