Abstract: An automated training apparatus can include an importance node module to compute and use graphs to compute an importance of a node based on factors that include a hierarchy and a job title of the user in the organization, aggregated account privileges from different network domains, and a level of shared resource access for the user. The graphs are supplied into an attack path modeling component to understand an importance of the network nodes and determine key pathways and vulnerable network nodes that a cyber-attack would use, and a grouping module to analyze the importance of the network nodes and the key pathways and the vulnerable network nodes, and to classify the nodes based on security risks and the vulnerabilities to provide reports including areas of vulnerability and known weaknesses of the network.

Abstract: Methods, systems, and apparatus are disclosed for an Artificial Intelligence based cyber security system. An Artificial Intelligence based cyber analyst can make use of a data structure containing multiple tags to assist in creating a consistent, expanding modeling of an ongoing cyber incident. The Artificial Intelligence based cyber analyst can make use of a cyber incident graph database when rendering that incident to an end user. The Artificial Intelligence based cyber analyst can also be used as a mechanism to evaluate the quality of the alerts coming from 3rd parties' security tools both when the system being protected by the cyber security appliance is not actually under attack by a cyber threat as well as during an attack by a cyber threat.

Abstract: A Software as a Service (SaaS) console can retrieve data from one or more application programming interfaces (APIs) hosted by one or more SaaS platforms in order to identify cyber threats in a cyber threat defense system. The SaaS console can use customizable generic templates to provide a regular i) polling service, ii) data retrieval service, and iii) any combination of both, as well as a universal way to obtain data from the one or more APIs hosted by one or more SaaS platforms to collect event-based activity data from the one or more APIs. Data fields of the one or more customizable generic template are configured to be populated with data incorporated from a first user of a first SaaS platform for a first API for the first SaaS platform.