Inferring temporal relationships for cybersecurity events

    Publication (announcement) number: GB2598493B

    Publication (announcement) date: 2022-07-20

    Application number: GB202114777

    Filing date: 2020-03-23

    Applicant: IBM

    Abstract: A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues is extracted from the description, along with security entity and relationship data. Extracted temporal information is processed according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.

    Inferring temporal relationships for cybersecurity events

    Publication (announcement) number: GB2598493A

    Publication (announcement) date: 2022-03-02

    Application number: GB202114777

    Filing date: 2020-03-23

    Applicant: IBM

    Abstract: A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues is extracted from the description, along with security entity and relationship data. Extracted temporal information is processed according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.
