Publication No.: WO2017100534A1
Publication date: 2017-06-15
Application No.: PCT/US2016/065765
Filing date: 2016-12-09
Applicant: SERVICENOW, INC.
Inventor: REYBOK, Jr., Richard; RHINES, Jeffrey; ZETTLE II, Kurt Joseph; GEDDES, Henry
IPC: H04L29/06
CPC classification number: H04L63/1416, G06F17/30345, H04L63/02, H04L63/0428, H04L63/06, H04L63/14, H04L63/1425, H04L63/1433, H04L63/20
Abstract: Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.