Security indicator linkage determination

    Publication No.: US10356109B2

    Publication date: 2019-07-16

    Application No.: US15328018

    Filing date: 2014-07-21

    Abstract: According to an example, security indicator linkage determination may include parsing input data that is used to determine a plurality of sequences of steps that are involved in attacks. A linkage selected from temporal, spatial, and/or behavioral linkages may be applied to the parsed input data to determine the plurality of sequences of steps. A security indicator that is related to a potential attack may be received. The plurality of sequences of steps may be used to determine whether the security indicator matches a step in one of the plurality of sequences of steps. In response to a determination that the security indicator matches a step in one of the plurality of sequences of steps, linkage between the security indicator and another security indicator from the one of the plurality of sequences of steps that are involved in the attacks may be identified.

    Scoring for threat observables
    2.
    Granted invention patent

    Publication No.: US10289838B2

    Publication date: 2019-05-14

    Application No.: US15116847

    Filing date: 2014-02-21

    Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables is received from providing entities. The information about the threat observables includes at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).

    SCORING FOR THREAT OBSERVABLES
    3.
    Invention application
    SCORING FOR THREAT OBSERVABLES: Pending (published)

    Publication No.: US20160378978A1

    Publication date: 2016-12-29

    Application No.: US15116847

    Filing date: 2014-02-21

    Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables is received from providing entities. The information about the threat observables includes at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).

