Abstract: Examples disclosed herein relate to providing enhanced threat intelligence on a security information sharing platform. Some examples may enable correlating a first set of items of threat information from the security information sharing platform. Some examples may enable, responsive to determining that the correlated first set of items of threat information indicate a first malicious action type, creating a new security indicator comprising information from the correlated first set of items of threat information and associating the new security indicator with the first malicious action type. Some examples may enable determining whether a first threat pattern exists based on the new security indicator.

Abstract: A method includes compiling a workflow that is defined in a high-level flow language to generate a plurality of execution units that are executable so as to execute the workflow.

Abstract: Examples disclosed herein relate to sharing of community-based security information. Some examples may enable generating a first community on a security information sharing platform that enables sharing of security information among a plurality of communities; obtaining a first security indicator from a first user of the first community; providing the first security indicator to the first community; obtaining contextual information related to the first security indicator from a second user of the first community; including the first security indicator and the contextual information related to the first security indicator in the security information of the first community; and encrypting a portion of the security information of the first community with an encryption key, wherein the encryption key is unavailable to users outside of the first community.

Abstract: According to an example, security indicator access determination may include determining a security indicator that is received from a first entity by a security indicator sharing platform for sharing with a second entity. A rule associated with identification of a third entity that has access to the security indicator may be analyzed. The third entity may be different from the second entity, and if the second entity belongs to a community, the third entity may not be in the community of the second entity. A determination may be made as to whether to identify the third entity based on the analysis of the rule. In response to a determination that the third entity is to be identified or not to be identified, the third entity may be identified to the first entity, or not identified to the first entity.

Abstract: Examples disclosed herein relate to sharing of community-based security information. Some examples may enable generating a first community on a security information sharing platform that enables sharing of security information among a plurality of communities; obtaining a first security indicator from a first user of the first community; providing the first security indicator to the first community; obtaining contextual information related to the first security indicator from a second user of the first community; including the first security indicator and the contextual information related to the first security indicator in the security information of the first community; and encrypting a portion of the security information of the first community with an encryption key, wherein the encryption key is unavailable to users outside of the first community.

Abstract: Examples disclosed herein relate to providing enhanced threat intelligence on a security information sharing platform. Some examples may enable correlating a first set of items of threat information from the security information sharing platform. Some examples may enable, responsive to determining that the correlated first set of items of threat information indicate a first malicious action type, creating a new security indicator comprising information from the correlated first set of items of threat information and associating the new security indicator with the first malicious action type. Some examples may enable determining whether a first threat pattern exists based on the new security indicator.

Abstract: Examples disclosed herein relate to considering geolocation information in a security information sharing platform. Some examples may enable determining geolocation information for a security indicator shared to the security information sharing platform. Some examples may enable determining an indicator score associated with the security indicator based on the determined geolocation information. Some examples may enable facilitating display, via a user interface, the first indicator score to the first community of users based on the indicator score.

Abstract: According to an example, security indicator access determination may include determining a security indicator that is received from a first entity by a security indicator sharing platform for sharing with a second entity. A rule associated with identification of a third entity that has access to the security indicator may be analyzed. The third entity may be different from the second entity, and if the second entity belongs to a community, the third entity may not be in the community of the second entity. A determination may be made as to whether to identify the third entity based on the analysis of the rule. In response to a determination that the third entity is to be identified or not to be identified, the third entity may be identified to the first entity, or not identified to the first entity.

Abstract: A system method and non-transitory computer readable medium implemented as programming on a suitable computing device, the system for inversion of control of executable extensions including a run-time environment configured to push data to one or a plurality of extensions, wherein said one or plurality of extensions are configured to comprise one or a plurality of signatures. Wherein said one or a plurality of extensions are compilable, designable and testable outside of the run-time environment, and wherein the run-time environment may be configured to accept an extension and to push data to that extension as per said one or a plurality of signatures.

Abstract: A system method and non-transitory computer readable medium implemented as programming on a suitable computing device, the system for inversion of control of executable extensions including a run-time environment configured to push data to one or a plurality of extensions, wherein said one or plurality of extensions are configured to comprise one or a plurality of signatures. Wherein said one or a plurality of extensions are compilable, designable and testable outside of the run-time environment, and wherein the run-time environment may be configured to accept an extension and to push data to that extension as per said one or a plurality of signatures.

Abstract: A system method and non-transitory computer readable medium implemented as programming on a suitable computing device, the system for inversion of control of executable extensions including a run-time environment configured to push data to one or a plurality of extensions, wherein said one or plurality of extensions are configured to comprise one or a plurality of signatures. Wherein said one or a plurality of extensions are compilable, designable and testable outside of the run-time environment, and wherein the run-time environment may be configured to accept an extension and to push data to that extension as per said one or a plurality of signatures.

Abstract: A method includes compiling a workflow that is defined in a high-level flow language to generate a plurality of execution units that are executable so as to execute the workflow.

Abstract: A system, which implemented as programming on a suitable computing device, manages the configuration of a software system. The system includes a create properties configuration module that identifies and stores a collection of properties related to the configuration of the software system; a create file configuration that identifies and stores binary data related to the configuration of the software system; a create configuration set module that creates a draft configuration set including the collection of properties and the binary data; and an activate module that activates the draft configuration set and deactivates and persistently stores a prior configuration set as a historic configuration set. The activated configuration set and the historic configuration sets are immutable.

Abstract: A system method and non-transitory computer readable medium implemented as programming on a suitable computing device, the system for inversion of control of executable extensions including a run-time environment configured to push data to one or a plurality of extensions, wherein said one or plurality of extensions are configured to comprise one or a plurality of signatures. Wherein said one or a plurality of extensions are compilable, designable and testable outside of the run-time environment, and wherein the run-time environment may be configured to accept an extension and to push data to that extension as per said one or a plurality of signatures.

Abstract: A system, which implemented as programming on a suitable computing device, manages the configuration of a software system. The system includes a create properties configuration module that identifies and stores a collection of properties related to the configuration of the software system; a create file configuration that identifies and stores binary data related to the configuration of the software system; a create configuration set module that creates a draft configuration set including the collection of properties and the binary data; and an activate module that activates the draft configuration set and deactivates and persistently stores a prior configuration set as a historic configuration set. The activated configuration set and the historic configuration sets are immutable.