SYSTEMS AND METHODS OF INFORMATION SECURITY MONITORING WITH THIRD-PARTY INDICATORS OF COMPROMISE
Abstract
An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
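The pipeline the abstract describes, as an added illustration that is not the patent's or any vendor's code: it assumes an internal definition format of nested tuples, two constructed third-party IOC feed formats, constructed indicator values (a documentation-range IP and a dummy hash) and constructed endpoint events. Imported IOCs become editable definitions, a nested Boolean definition references other definitions and a behavioral rule, a whitelist handles exceptions, and the result is compiled into an executable rule whose output names the endpoint action.

```python
from typing import Any, Callable

# Internal definition format (assumed for this example): nested tuples.
#   ("match", field, value)   leaf, event field equals value
#   ("ref", name)             leaf, another named definition
#   ("and", [..]) / ("or", [..])
FIELD_FOR_TYPE = {"sha256": "file_hash", "ipv4": "dst_ip"}

def import_csv_ioc(line: str) -> tuple:
    # Constructed third-party feed format: one "type,value" per line.
    kind, value = line.strip().split(",", 1)
    return ("match", FIELD_FOR_TYPE[kind], value)

def import_json_ioc(obj: dict) -> tuple:
    # Constructed third-party feed format: {"pattern_type": ..., "indicator": ...}.
    return ("match", FIELD_FOR_TYPE[obj["pattern_type"]], obj["indicator"])

def compile_definition(node: tuple, registry: dict) -> Callable[[dict], bool]:
    # Turn a definition tree into a closure; "ref" nodes are resolved through
    # the registry at compile time (assumes no reference cycles).
    op = node[0]
    if op == "match":
        _, field, value = node
        return lambda e: e.get(field) == value
    if op == "ref":
        return compile_definition(registry[node[1]], registry)
    children = [compile_definition(c, registry) for c in node[1]]
    if op == "and":
        return lambda e: all(c(e) for c in children)
    if op == "or":
        return lambda e: any(c(e) for c in children)
    raise ValueError(f"unknown operator {op!r}")

def compile_rule(name: str, registry: dict, whitelist: list, action: str) -> Callable[[dict], Any]:
    # Executable rule: returns the endpoint action, or None when the event does
    # not match or hits a whitelist exception (exceptions are checked first).
    match = compile_definition(registry[name], registry)
    allow = [compile_definition(w, registry) for w in whitelist]
    return lambda e: None if any(a(e) for a in allow) else (action if match(e) else None)

# Constructed sample definitions: two imported IOCs, a behavioral rule that
# references one of them, and a top-level definition combining both.
REGISTRY = {
    "bad_hash": import_csv_ioc("sha256," + "ab" * 32),
    "bad_ip": import_json_ioc({"pattern_type": "ipv4", "indicator": "203.0.113.5"}),
    "script_to_bad_ip": ("and", [("match", "process", "powershell.exe"), ("ref", "bad_ip")]),
    "quarantine_def": ("or", [("ref", "bad_hash"), ("ref", "script_to_bad_ip")]),
}
WHITELIST = [("match", "process", "backup_agent.exe")]  # constructed exception
QUARANTINE_RULE = compile_rule("quarantine_def", REGISTRY, WHITELIST, "quarantine")
```

Editing a definition in REGISTRY and recompiling is all that is needed to change the rule, which is the separation between editable definitions and executable rules the abstract describes.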