TTP based automated playbook generation method and system performing the same
Main authors: | , , , , , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Summary: | The method for automatically generating a playbook performed by a computing apparatus according to the present disclosure comprises periodically collecting asset information and CTI (Cyber Threat Intelligence) information of a target network, extracting TTP (Tactics, Techniques, Procedure) information using the collected asset information and the collected CTI information, retrieving a data source of the extracted TTP information, generating a temporary playbook including a data component matching a detection method of the extracted TTP information among a plurality of data components of the retrieved data source, verifying validity of the temporary playbook based on data component order information of the temporary playbook and determining whether rearrangement of data components included in the temporary playbook is needed, and rearranging data components included in the temporary playbook, and storing it as a final playbook. |
---|