Abstract: An approach is provided that receives a set of actual hardware power consumption details and a set of software activity details with all of the details pertaining to the use of a computer system at a first time. Based on the set of software activity details, the approach determines a set of expected hardware power consumption details. The set of actual hardware power consumption details are compared to the set of expected hardware power consumption details. If the comparison identifies variances between the actual and expected data, then a security threat is flagged and threat responses are performed.

Abstract: A method provides an intermediate mitigation of a vulnerability in a particular computer system. One or more processors receive a description of a vulnerability of a computer system to a malicious attack. The processor(s) perform an NLP analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, where the risk information includes an identity of a type of vulnerable computer system resource in the computer system. The processor(s) match the vulnerable computer system resource to a computer system resource in a particular computer system, and perform an intermediate mitigation action that reduces a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.

Abstract: A method assigns a particular rule for a previous client to a new client for use in executing a security feature on a computer system used by the new client. One or more processors match a new client profile for the new client to a previous client profile for the previous client. The new client profile is based on types of one or more client assets of the new client and an intrusion detection alert history of the new client. The processor(s) assign the particular rule for the previous client to the new client based on the new client profile matching the previous client profile. The processor(s) receive information indicating that a violation of the particular rule has occurred, and execute a security feature of the computer system used by the new client in order to resolve the violation of the particular rule.

Abstract: An approach is disclosed that receives a request from a first device connected to a first network to connect to a second device connected to a second network. In response to verifying that a connection between the first device and the second device is allowed, the approach operates to establish a secure network communications tunnel between the first device and the second device. The secure network communications tunnel is specific to the first and second devices and the first device is inhibited from accessing other devices that are connected to the second network using the secure network communications tunnel. The secure network communications tunnel is then terminated in response to a detection of a security event.

Abstract: A method manages software images in a blockchain-based environment of trusted devices. A trusted device creates a software image for sharing among members of a set of trusted devices that includes the trusted device. A blockchain mechanism stores the software image on a virtual machine that is in communication with the set of trusted devices, where the blockchain mechanism uses the set of trusted devices as peer members of the blockchain mechanism. A trusted device from the set of trusted devices receives, via the virtual machine, an access request for the software image from a requesting device from the set of trusted devices. The blockchain mechanism authorizes the access request by providing the software image to the requesting device.

Abstract: A method controls a modification of an adjustable device. A system establishes a circle of trust for a plurality of devices, where at least one of the plurality of devices is an adjustment control device for adjusting an adjustable device. Operations of the adjustment control device are controlled via a blockchain, where the blockchain must approve the adjustment control device before an adjustment of the adjustable device is performed by the adjustment control device. The system receives an approval from the blockchain for the adjustment control device to adjust the adjustable device, and the adjustment control device adjusts the adjustable device in response to receiving the approval from the blockchain.

Abstract: A method assigns a particular rule for a previous client to a new client for use in executing a security feature on a computer system used by the new client. One or more processors match a new client profile for the new client to a previous client profile for the previous client. The new client profile is based on types of one or more client assets of the new client and an intrusion detection alert history of the new client. The processor(s) assign the particular rule for the previous client to the new client based on the new client profile matching the previous client profile. The processor(s) receive information indicating that a violation of the particular rule has occurred, and execute a security feature of the computer system used by the new client in order to resolve the violation of the particular rule.

Abstract: A method improves a security of a computer system by building a new set of rules for the computer system. One or more processors input a plurality of client profiles to an artificial intelligence (AI) system, where the plurality of client profiles are based on an analysis of respective client environments comprising client assets and an intrusion detection alert history of a plurality of clients. The processor(s) match a new client profile to a respective client profile from the plurality of client profiles. The processor(s) build a new set of rules for the new client based on a similarity measure of the new client profile to the respective client profile. The processor(s) subsequently receive information indicating that a violation of the new set of rules has occurred and then execute a security feature of the computer system in order to resolve the violation of the new set of rules.

Abstract: An approach is provided that receives a set of actual hardware power consumption details and a set of software activity details with all of the details pertaining to the use of a computer system at a first time. Based on the set of software activity details, the approach determines a set of expected hardware power consumption details. The set of actual hardware power consumption details are compared to the set of expected hardware power consumption details. If the comparison identifies variances between the actual and expected data, then a security threat is flagged and threat responses are performed.

Abstract: An approach is disclosed that receives a request from a first device connected to a first network to connect to a second device connected to a second network. In response to verifying that a connection between the first device and the second device is allowed, the approach operates to establish a secure network communications tunnel between the first device and the second device. The secure network communications tunnel is specific to the first and second devices and the first device is inhibited from accessing other devices that are connected to the second network using the secure network communications tunnel. The secure network communications tunnel is then terminated in response to a detection of a security event.

Abstract: A method provides an intermediate mitigation of a vulnerability in a particular computer system. One or more processors receive a description of a vulnerability of a computer system to a malicious attack. The processor(s) perform an NLP analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, where the risk information includes an identity of a type of vulnerable computer system resource in the computer system. The processor(s) match the vulnerable computer system resource to a computer system resource in a particular computer system, and perform an intermediate mitigation action that reduces a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.

Abstract: A method improves a security of a computer system by building a new set of rules for the computer system. One or more processors input a plurality of client profiles to an artificial intelligence (AI) system, where the plurality of client profiles are based on an analysis of respective client environments comprising client assets and an intrusion detection alert history of a plurality of clients. The processor(s) match a new client profile to a respective client profile from the plurality of client profiles. The processor(s) build a new set of rules for the new client based on a similarity measure of the new client profile to the respective client profile. The processor(s) subsequently receive information indicating that a violation of the new set of rules has occurred and then execute a security feature of the computer system in order to resolve the violation of the new set of rules.

Abstract: A method manages software images in a blockchain-based environment of trusted devices. A trusted device creates a software image for sharing among members of a set of trusted devices that includes the trusted device. A blockchain mechanism stores the software image on a virtual machine that is in communication with the set of trusted devices, where the blockchain mechanism uses the set of trusted devices as peer members of the blockchain mechanism. A trusted device from the set of trusted devices receives, via the virtual machine, an access request for the software image from a requesting device from the set of trusted devices. The blockchain mechanism authorizes the access request by providing the software image to the requesting device.

Abstract: An approach is presented for generating a log parser. Regular expressions are received and stored in a crowd-sourced data repository. An instruction is received to create a log parser based on a sample log. The sample log is received. Matches are identified between strings of characters included in the received sample log and regular expressions included in the stored regular expressions. Each match indicates a stored regular expression is capable of parsing a string included in the sample log. Based on the identified matches, the log parser is generated so as to include the regular expressions that match the strings included in the sample log.