Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining, a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.

Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining, a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.