Abstract: An autonomous email-report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous email-report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: A cyber security system is adapted to generate a cloud architecture assembled from a plurality of cloud resources within a customer cloud environment based on metadata associated with the plurality of cloud resources. The cyber security system features at least a plurality of components. The first component identifies the plurality of cloud resources and collects metadata associated with each of the plurality of cloud resources including a first cloud resource for storage within a storage subsystem. The second component determines how at least the first cloud resource of the plurality of cloud resources is behaving within the customer cloud environment based on analytics conducted on log data and network traffic data associated with the first cloud resource. The third component conducts analytics on information associated with the plurality of cloud resources in order to detect compliance or misconfiguration of the plurality of cloud resources forming the cloud architecture.

Abstract: An autonomous email-report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous email-report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: A cyber security system is adapted to compute enhanced metrics including resource misconfiguration and risk levels associated with a plurality of cloud resources and one or more cloud architectures formed by the plurality of cloud resources within a customer cloud environment.

Abstract: A non-transitory computer readable medium including software that, upon execution by a processor, performs to generate cloud architecture(s) for representation of a customer cloud environment. The software performs operations, including (i) identifying a plurality of cloud resources within a customer cloud environment; (ii) collecting metadata associated with the plurality of cloud resources from a cloud provider of the customer cloud environment; and (ii) augmenting the metadata associated with the plurality of cloud resources based on (a) metadata associated with network traffic data being monitored by sensors deployed within the customer cloud environment, (b) metadata associated with user data, and (c) metadata associated with flow log data. The cloud architecture(s) are provided after augmenting of the metadata.

Abstract: An interactive cyber security user interface is provided. The interactive cyber security user interface comprises a large language model, LLM, module configured to receive a natural language input from a user; analyze the natural language input to determine contextual information from the natural language input; determine one or more components of a cyber security system to query based on the contextual information and the natural language input; and generate a query in a software code format accepted by the one or more components of the cyber security system based on an analysis of the natural language input, the contextual information, and the determined one or more components to be queried. The interactive cyber security user interface is configured to query the determined one or more components of the cyber security system using the generated query and receive a response to the query from the one or more components of the cyber security system.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.

Abstract: An autonomous email-report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous email-report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: An open-source intelligence (OSINT) monitoring engine operating as an AI-driven system for monitoring incoming content received from an OSINT source to detect emerging cyber threats is described. The OSINT monitoring engine features a source evaluation module, a content processing engine, and a content classification engine. The source evaluation module determines a confidence level associated with a source of the incoming content and refrains from providing textual information associated with the incoming content unless the confidence level associated with the source is equal to or exceeds a prescribed threshold. The content processing engine identifies salient information from the textual information for use in identifying an emerging cyber threat.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.

Abstract: A method for a cyber security appliance incorporating data from a source code repository, hosted by a software development environment, to identify cyber threats related to source code being stored and developed in that source code repository is provided. The method comprises: receiving, at one or more modules of the cyber security appliance, data indicating a network entity representing a user's interaction with the source code repository; and comparing the data, received from the one or more modules, to one or more machine learning models trained on a normal benign behavior interacting with the source code repository using a normal behavior benchmark describing parameters corresponding to a normal interaction behavior.

Abstract: A cyber threat defense system can incorporate data from an instant messaging platform with multiple other platforms in a client system to identify cyber threats across the client system. The system can have one or more instant messaging modules to collect instant messaging data from one or more network entities that utilizes one or more instant messaging platforms. A user specific profile module can identify a user of the client system associated with the user account based on a composite user profile constructed from user context data collected across multiple platforms of the client system. A risk profile module can associate the user with a user risk profile based on the composite user profile. The risk profile module can apply one or more artificial intelligence classifiers to the instant message based on the user risk profile. A cyber threat module is configured to identify whether the instant messaging data corresponds to a cyber threat partially based on the user risk profile.

Abstract: A Software as a Service (SaaS) console can retrieve data from one or more application programming interfaces (APIs) hosted by one or more SaaS platforms in order to identify cyber threats in a cyber threat defense system. The SaaS console can use customizable generic templates to provide a regular i) polling service, ii) data retrieval service, and iii) any combination of both, as well as a universal way to obtain data from the one or more APIs hosted by one or more SaaS platforms to collect event-based activity data from the one or more APIs. Data fields of the one or more customizable generic template are configured to be populated with data incorporated from a first user of a first SaaS platform for a first API for the first SaaS platform.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.