Publication number: WO2017142803A1
Publication date: 2017-08-24
Application number: PCT/US2017/017363
Filing date: 2017-02-10
Applicant: SWIMLANE, LLC
Inventor: CORNELL, Cody; KAFENBAUM, Brian; WHEELER, Brant; MCDANIEL, Austin
CPC classification number: G06F21/577, G06F21/554, G06Q10/0633, H04L63/1441
Abstract: A security operations system may receive an alarm in response to a detected threat. The alarm may include characteristics of the threat. The system may then generate a record in response to the alarm and populate a form with the characteristics of the threat. The form may be associated with the record and selected according to the type of the threat. The system may further generate a workflow including at least one action, and potentially multiple actions. The system also receives security contextual information in response to a request that includes the characteristics of the threat or associated indicators of the threat, and then updates the form to include the security contextual information. The security operations system can evaluate contextual information and request additional information, and can use the workflow to make iterative changes to rulesets and configurations, to provide additional security protection or to gather additional information on a threat.
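The abstract describes a pipeline: alarm in, record created, a form chosen by threat type and filled from the alarm's characteristics, contextual information requested for the threat's indicators, the form updated with it, and a workflow of actions derived from the result (including follow-up requests and ruleset changes). The following added example, written for this page and not taken from the patent or from Swimlane's product, sketches that pipeline in Python. The threat types, form fields, the reputation table standing in for an external lookup, the action names and the sample alarm are all constructed assumptions.

```python
"""Minimal SOAR-style pipeline: alarm -> record -> form -> enrichment -> workflow.

Illustrative code written for this page; it is not Swimlane's product code.
Threat types, form fields, the reputation table and the action names are
constructed assumptions.
"""
from dataclasses import dataclass, field
from itertools import count
from typing import Callable, Optional

# Form templates keyed by threat type (assumed; the abstract only says the form
# is selected according to the threat type). Each lists the fields the form carries.
FORM_TEMPLATES = {
    "phishing": ("sender", "url", "recipient_count"),
    "malware": ("file_hash", "host"),
}

# Constructed reputation table standing in for an external threat-intel lookup
# (the "security contextual information" of the abstract).
REPUTATION = {
    "example.invalid": "malicious",
    "corp.invalid": "benign",
}


@dataclass
class Record:
    record_id: int
    threat_type: str
    form: dict = field(default_factory=dict)
    context: dict = field(default_factory=dict)
    workflow: list = field(default_factory=list)
    ruleset: set = field(default_factory=set)  # blocklist entries the workflow adds


_ids = count(1)


def select_form(threat_type: str) -> tuple:
    """Pick the form template for a threat type; unknown types get an empty form."""
    return FORM_TEMPLATES.get(threat_type, ())


def populate_form(template: tuple, characteristics: dict) -> dict:
    """Copy only the template's fields out of the alarm characteristics."""
    return {f: characteristics.get(f) for f in template}


def indicator_domain(value: str) -> str:
    """Reduce an e-mail address or URL to its domain (simplified parsing)."""
    return value.split("@")[-1].split("//")[-1].split("/")[0]


def enrich(form: dict, lookup: Callable[[str], Optional[str]]) -> dict:
    """Request contextual information for each indicator present in the form."""
    context = {}
    for name in ("sender", "url"):
        value = form.get(name)
        if value:
            domain = indicator_domain(value)
            context[name] = {"domain": domain, "reputation": lookup(domain)}
    return context


def build_workflow(record: Record) -> list:
    """Derive actions from the enriched form. An indicator with no verdict yet
    triggers a follow-up information request (the iterative loop in the abstract)."""
    actions = ["open_ticket"]
    verdicts = {c["reputation"] for c in record.context.values()}
    if "malicious" in verdicts:
        actions += ["block_sender", "add_blocklist_rule"]
    if None in verdicts:
        actions.append("request_additional_context")
    return actions


def run_workflow(record: Record) -> Record:
    """Apply the rule-changing action to the record's ruleset."""
    if "add_blocklist_rule" in record.workflow:
        for c in record.context.values():
            if c["reputation"] == "malicious":
                record.ruleset.add(c["domain"])
    return record


def handle_alarm(alarm: dict,
                 lookup: Callable[[str], Optional[str]] = REPUTATION.get) -> Record:
    """End-to-end handling of one alarm: record, form, enrichment, workflow."""
    record = Record(record_id=next(_ids), threat_type=alarm["type"])
    record.form = populate_form(select_form(alarm["type"]), alarm["characteristics"])
    record.context = enrich(record.form, lookup)
    # Update the form with the contextual information that came back.
    record.form.update({f"{k}_reputation": v["reputation"] for k, v in record.context.items()})
    record.workflow = build_workflow(record)
    return run_workflow(record)


SAMPLE_ALARM = {  # constructed sample alarm
    "type": "phishing",
    "characteristics": {
        "sender": "billing@example.invalid",
        "url": "http://example.invalid/login",
        "recipient_count": 37,
        "mail_id": "abc123",  # not in the phishing form template, so dropped
    },
}

if __name__ == "__main__":
    rec = handle_alarm(SAMPLE_ALARM)
    print(rec.workflow, sorted(rec.ruleset))
```

The `lookup` parameter is the seam where a real enrichment source would plug in; when it returns no verdict the workflow emits a request for more context rather than a blocking action, which is the request-more-then-act loop the abstract describes.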