Abstract: The present disclosure is directed to systems, apparatuses and methods for mitigating cyber-attacks. For example, the method includes receiving, from one or more network devices tracking activity on a network, one or more data streams associated with a respective one of the one or more network devices, identifying a security alert from the one or more data streams, the security alert including metadata context describing the network device from the one or more network devices that originated the security alert, analyzing the metadata context to generate a metadata context score. When the security alert is determined to be a security threat event, classifying a type of the security threat event based on the related activity score and the metadata context, and outputting a recommended mitigation course of action based on the classified type of the security threat event.

Abstract: The present disclosure is directed to systems, apparatuses and methods for mitigating cyber-attacks. For example, the method includes receiving, from one or more network devices tracking activity on a network, one or more data streams associated with a respective one of the one or more network devices, identifying a security alert from the one or more data streams, the security alert including metadata context describing the network device from the one or more network devices that originated the security alert, analyzing the metadata context to generate a metadata context score. When the security alert is determined to be a security threat event, classifying a type of the security threat event based on the related activity score and the metadata context, and outputting a recommended mitigation course of action based on the classified type of the security threat event.

Abstract: The present disclosure is directed to systems, apparatuses and methods for mitigating cyber-attacks. For example, the method includes receiving, from one or more network devices tracking activity on a network, one or more data streams associated with a respective one of the one or more network devices, identifying a security alert from the one or more data streams, the security alert including metadata context describing the network device from the one or more network devices that originated the security alert, analyzing the metadata context to generate a metadata context score. When the security alert is determined to be a security threat event, classifying a type of the security threat event based on the related activity score and the metadata context, and outputting a recommended mitigation course of action based on the classified type of the security threat event.

Abstract: The present disclosure is directed to systems, apparatuses and methods for mitigating cyber-attacks. For example, the method includes receiving, from one or more network devices tracking activity on a network, one or more data streams associated with a respective one of the one or more network devices, identifying a security alert from the one or more data streams, the security alert including metadata context describing the network device from the one or more network devices that originated the security alert, analyzing the metadata context to generate a metadata context score. When the security alert is determined to be a security threat event, classifying a type of the security threat event based on the related activity score and the metadata context, and outputting a recommended mitigation course of action based on the classified type of the security threat event.