Aggregating network security data for export
US-2018324197-A1 · Nov 8, 2018 · US
US2022345476A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022345476-A1 |
| Application number | US-202217735448-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 3, 2022 |
| Priority date | Jun 6, 2018 |
| Publication date | Oct 27, 2022 |
| Grant date | — |
Abstract:
A computer-implemented method, computer program product and computing system for: obtaining one or more artifacts concerning a detected security event; obtaining artifact information concerning the one or more artifacts; and generating a conclusion concerning the detected security event based, at least in part, upon the detected security event, the one or more artifacts, and the artifact information.
Claims:
1-24. (canceled)

25. A computer-implemented method, executed on a computing device, comprising: obtaining one or more artifacts concerning a detected security event; obtaining artifact information concerning the one or more artifacts; and generating a conclusion concerning the detected security event based, at least in part, upon the detected security event, the one or more artifacts, and the artifact information; and executing a remedial action plan based upon, at least in part, the conclusion, wherein executing the remedial action plan includes:
   - determining that a threat level associated with the detected security event is low, and permitting a suspect activity associated with the security event to continue;
   - determining that a threat level associated with the detected security event is moderate, and generating a security event report based, at least in part, upon the one or more artifacts concerning the security event, and providing the security event report to a third party for review; and
   - determining that a threat level associated with the detected security event is high, and executing a threat mitigation plan including one or more of shutting down a stream of content associated with the security event and closing a port of a computing device associated with the security event.

26. The computer-implemented method of claim 25 further comprising: documenting the conclusion.

27. The computer-implemented method of claim 25 further comprising: reporting the conclusion to a third party.

28. The computer-implemented method of claim 25 further comprising: obtaining supplemental artifacts and artifact information when needed.

29. The computer-implemented method of claim 25 wherein obtaining artifact information concerning the one or more artifacts includes: obtaining artifact information concerning the one or more artifacts from one or more investigation resources.

30. The computer-implemented method of claim 25 wherein the detected security event includes one or more of: access auditing; anomalies; authentication; denial of services; exploitation; malware; phishing; spamming; reconnaissance; and web attack.

31. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising: obtaining one or more artifacts concerning a detected security event; obtaining artifact information concerning the one or more artifacts; and generating a conclusion concerning the detected security event based, at least in part, upon the detected security event, the one or more artifacts, and the artifact information; and executing a remedial action plan based upon, at least in part, the conclusion, wherein executing the remedial action plan includes:
   - determining that a threat level associated with the detected security event is low, and permitting a suspect activity associated with the security event to continue;
   - determining that a threat level associated with the detected security event is moderate, and generating a security event report based, at least in part, upon the one or more artifacts concerning the security event, and providing the security event report to a third party for review; and
   - determining that a threat level associated with the detected security event is high, and executing a threat mitigation plan including one or more of shutting down a stream of content associated with the security event and closing a port of a computing device associated with the security event.

32. The computer program product of claim 31 further comprising: documenting the conclusion.

33. The computer program product of claim 31 further comprising: reporting the conclusion to a third party.

34. The computer program product of claim 31 further comprising: obtaining supplemental artifacts and artifact information when needed.

35. The computer program product of claim 31 wherein obtaining artifact information concerning the one or more artifacts includes: obtaining artifact information concerning the one or more artifacts from one or more investigation resources.

36. The computer program product of claim 31 wherein the detected security event includes one or more of: access auditing; anomalies; authentication; denial of services; exploitation; malware; phishing; spamming; reconnaissance; and web attack.

37. A computing system including a processor and memory configured to perform operations comprising: obtaining one or more artifacts concerning a detected security event; obtaining artifact information concerning the one or more artifacts; and generating a conclusion concerning the detected security event based, at least in part, upon the detected security event, the one or more artifacts, and the artifact information; and executing a remedial action plan based upon, at least in part, the conclusion, wherein executing the remedial action plan includes:
   - determining that a threat level associated with the detected security event is low, and permitting a suspect activity associated with the security event to continue;
   - determining that a threat level associated with the detected security event is moderate, and generating a security event report based, at least in part, upon the one or more artifacts concerning the security event, and providing the security event report to a third party for review; and
   - determining that a threat level associated with the detected security event is high, and executing a threat mitigation plan including one or more of shutting down a stream of content associated with the security event and closing a port of a computing device associated with the security event.

38. The computing system of claim 37 further comprising: documenting the conclusion.

39. The computing system of claim 37 further comprising: reporting the conclusion to a third party.

40. The computing system of claim 37 further comprising: obtaining supplemental artifacts and artifact information when needed.

41. The computing system of claim 37 wherein obtaining artifact information concerning the one or more artifacts includes: obtaining artifact information concerning the one or more artifacts from one or more investigation resources.

42. The computing system of claim 37 wherein the detected security event includes one or more of: access auditing; anomalies; authentication; denial of services; exploitation; malware; phishing; spamming; reconnaissance; and web attack.
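The steps claimed above (obtain artifacts, enrich them from an investigation resource, generate a conclusion, then run the low/moderate/high remedial action plan) as an added illustration; this is not code from the patent or its assignee. The reputation feed, the scoring rule that maps artifact reputations to a threat level, and the event fields are all constructed assumptions.

```python
from dataclasses import dataclass, field
# Added example, not the patent's own code. Constructed stand-in for an
# "investigation resource" (e.g. a reputation feed) keyed by artifact.
INVESTIGATION_RESOURCE = {
    "198.51.100.7": {"reputation": "malicious"},
    "203.0.113.5": {"reputation": "suspicious"},
    "example.internal": {"reputation": "benign"},
}
@dataclass
class SecurityEvent:
    event_type: str        # one of the types listed in the claims, e.g. "phishing"
    artifacts: list        # indicators gathered for the detected event
    port: int              # port on the affected computing device
    stream_id: str         # content stream associated with the event

@dataclass
class Conclusion:
    threat_level: str      # "low", "moderate" or "high"
    artifact_info: dict
    actions: list = field(default_factory=list)

def obtain_artifact_info(artifacts, resource=INVESTIGATION_RESOURCE):
    """Enrich each artifact from the resource; artifacts it does not know are flagged."""
    return {a: resource.get(a, {"reputation": "unknown"}) for a in artifacts}

def generate_conclusion(event, artifact_info):
    """Assumed scoring rule: the worst artifact reputation sets the threat level."""
    reps = {info["reputation"] for info in artifact_info.values()}
    if "malicious" in reps:
        level = "high"
    elif reps & {"suspicious", "unknown"}:
        level = "moderate"       # needs human review, per the moderate tier of claim 25
    else:
        level = "low"
    return Conclusion(level, artifact_info)

def execute_remedial_action_plan(event, conclusion):
    """Tiered plan from claim 25; actions are recorded here rather than performed."""
    if conclusion.threat_level == "low":
        conclusion.actions.append("permit: suspect activity allowed to continue")
    elif conclusion.threat_level == "moderate":
        report = {"event": event.event_type, "artifacts": conclusion.artifact_info}
        conclusion.actions.append(f"report: sent to third party for review {report}")
    else:
        conclusion.actions += [f"shutdown stream {event.stream_id}", f"close port {event.port}"]
    return conclusion

def triage(event):
    """Run the claimed steps end to end and return the documented conclusion."""
    info = obtain_artifact_info(event.artifacts)
    return execute_remedial_action_plan(event, generate_conclusion(event, info))
```

In a real deployment the "high" branch would call the network controller or host agent, and the "moderate" branch would open a ticket for an analyst; the list of recorded actions is what claims 26 and 27 call documenting and reporting the conclusion.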
CPC classifications:
- Assessing vulnerabilities and evaluating computer system security
- Traffic logging, e.g. anomaly detection
- Generating training patterns; Bootstrap methods, e.g. bagging or boosting
- Probabilistic graphical models, e.g. probabilistic networks
- For managing network security; network security policies in general (filtering policies H04L63/0227)