
Message platform for automated threat simulation, reporting, detection, and remediation

Patent number
US11997115B1
Publication date
2024-05-28
Applicant
Cofense Inc.(US VA Leesburg)
Inventors
Aaron Higbee; David Chamberlain; Vineetha Philip
IPC classification
H04L9/40; G06F16/35; G06F21/00; G06F21/55; H04L51/212; H04L51/08
Technical field
message,phishing,email,messages,be,or,emails,in,user,cluster
Region: VA VA Leesburg

Abstract

Methods, network devices, and machine-readable media for an integrated environment and platform for automated processing of reports of suspicious messages, and further including automated threat simulation, reporting, detection, and remediation, including rapid quarantine and restore functions.

Description

The threat information derived from messages can be provided, by an API or other means, such as but not limited to an Indicator of Compromise (IOC), to a sandbox 1810, ArcSight, Splunk, SIEM, or a logging system. As non-limiting examples of the further processing that may be performed by the network security device, sandboxing systems can be used to evaluate artifacts, such as attachments and hashes, domains and URL analysis (sandboxing), and virus data lookups (VirusTotal). When viewing a reported message that has an attachment, an “Attachments” button can be provided for a user to manually initiate an integration to a sandbox analyzer for detonation, such as one offered by FireEye, ThreatGrid, or Cuckoo, or to a virus or other static malware checking service, such as VirusTotal, etc. The system also allows a user to perform external lookups of those artifacts against a Web site, for example URL Void or Google, directly from within the system. In addition to a user manually running a third-party integration (as detailed above), the user may also specify that the integration is performed automatically. For example, all attachments to a report may be submitted immediately to a sandbox 1810. In another embodiment, the user may specify that only certain types of files are immediately sent to a sandbox 1810. For exemplary purposes, the user may specify that the file type must be any one of DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, Executable, BZIP, ZIP, TAR, DMG. Additionally, the user may set a data expiration date so that in the event that multiple reports contain the same file, only one file is sent to the third-party integration until the expiration time has passed.
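The automatic-submission policy described above (a file-type filter plus an expiration window so the same file is sent only once), sketched as an added Python example that is not part of the patent text or the applicant's code. The `SandboxGate` class, its `submit` hook, the extension-to-type mapping and the sample reports are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

# File types named in the description as an example auto-submit policy.
AUTO_TYPES = {"DOC", "DOCX", "XLS", "XLSX", "PPT", "PPTX", "PDF",
              "Executable", "BZIP", "ZIP", "TAR", "DMG"}
# Assumption: type is inferred from the extension; real systems should also
# sniff content, since a sender controls the file name.
EXT_TO_TYPE = {t.lower(): t for t in AUTO_TYPES}
EXT_TO_TYPE.update({"exe": "Executable", "bz2": "BZIP"})


class SandboxGate:
    """Decides which reported attachments are sent to the sandbox."""

    def __init__(self, allowed_types, expiry, submit):
        self.allowed = allowed_types
        self.expiry = expiry   # timedelta: the "data expiration" window
        self.submit = submit   # hypothetical hook: callable(sha256_hex, data)
        self._sent_at = {}     # sha256 hex -> time of last submission

    def process(self, filename, data, now):
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if EXT_TO_TYPE.get(ext) not in self.allowed:
            return "skipped-type"
        # Key on content, not name, so the same file in many reports matches.
        digest = hashlib.sha256(data).hexdigest()
        last = self._sent_at.get(digest)
        if last is not None and now - last < self.expiry:
            return "skipped-duplicate"
        self._sent_at[digest] = now
        self.submit(digest, data)
        return "submitted"


def run_demo():
    sent = []
    gate = SandboxGate(AUTO_TYPES, timedelta(hours=24),
                       lambda digest, data: sent.append(digest))
    t0 = datetime(2024, 1, 1, 9, 0)
    payload = b"constructed sample bytes"
    reports = [  # constructed sample reports: (file name, bytes, report time)
        ("invoice.docx", payload, t0),
        ("Invoice_copy.DOCX", payload, t0 + timedelta(hours=1)),  # same bytes
        ("logo.png", b"constructed image", t0 + timedelta(hours=2)),
        ("invoice.docx", payload, t0 + timedelta(hours=25)),  # window passed
    ]
    return [gate.process(*r) for r in reports], sent
```

Keying the cache on a content hash means a renamed copy of the same attachment is still recognised as a duplicate, and a duplicate seen inside the window does not extend it.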

Claims

1