SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR IDENTIFYING MISSING ORGANIZATIONAL SECURITY DETECTION SYSTEM RULES
Abstract
A system for identifying missing organizational security detection system rules. The system includes at least one processing circuitry configured to: provide a known cyber-attack techniques repository including information on known cyber-attack techniques and the required SIEM (or any other organizational security detection system, such as EDR, firewall, etc.) rules for protecting against each of the known cyber-attack techniques, the known rules being in a generic SIEM rules format; obtain existing SIEM rules of a SIEM of an organization, the existing SIEM rules being in a vendor-specific language other than the generic SIEM rules format; translate the existing SIEM rules to the generic SIEM rules format using a translation system, giving rise to translated SIEM rules; and compare the translated SIEM rules to the required SIEM rules to identify missing rules, the missing rules being the required SIEM rules not included in the translated SIEM rules.