Abstract: An interactive cyber security user interface is provided. The interactive cyber security user interface comprises a large language model, LLM, module configured to receive a natural language input from a user; analyze the natural language input to determine contextual information from the natural language input; determine one or more components of a cyber security system to query based on the contextual information and the natural language input; and generate a query in a software code format accepted by the one or more components of the cyber security system based on an analysis of the natural language input, the contextual information, and the determined one or more components to be queried. The interactive cyber security user interface is configured to query the determined one or more components of the cyber security system using the generated query and receive a response to the query from the one or more components of the cyber security system.

Abstract: A method for a cyber threat defense system is provided. The method comprises receiving a first abnormal behavior pattern where the first abnormal behavior pattern represents behavior on a first network deviating from a normal benign behavior of that network; and receiving a second abnormal behavior pattern where the second abnormal behavior pattern representing either behavior on the first network or on a second network deviating from a normal benign behavior of that network. The method further comprises comparing the first and second abnormal behavior patterns to determine a similarity score between the first and second abnormal behavior patterns and determining, based on the comparison, that the first abnormal behavior pattern likely corresponds to malicious behavior when the similarity score is above a threshold. A corresponding non-transitory computer readable medium is also provided.

Abstract: Endpoint agent cSensors can be used to extend network visibility and enhance tracking capabilities for a cyber security and threat defense environment. The cSensor may comprise a network module to monitor network information coming into and out of the endpoint computing device to ingest a first set of traffic data from network connections. The cSensor may have a collation module to collect the first set of traffic data and obtain input data related to observed network events. An analyzer module can receive the input data and use an intelligent DPI engine to perform predetermined levels of DPI from two or more possible levels of DPI on the input data based on network parameters. The cSensor may have a communication module to transmit a second set of traffic data to a cyber security appliance based on the specified DPI performed. Furthermore, the cSensor may have an autonomous action module to perform autonomous action(s) in response to autonomous action(s) correlated to the received second set of traffic data.

Abstract: A Software as a Service (SaaS) console can retrieve data from one or more application programming interfaces (APIs) hosted by one or more SaaS platforms in order to identify cyber threats in a cyber threat defense system. The SaaS console can use customizable generic templates to provide a regular i) polling service, ii) data retrieval service, and iii) any combination of both, as well as a universal way to obtain data from the one or more APIs hosted by one or more SaaS platforms to collect event-based activity data from the one or more APIs. Data fields of the one or more customizable generic template are configured to be populated with data incorporated from a first user of a first SaaS platform for a first API for the first SaaS platform.