Using Indicators of Behavior When Performing a Security Operation
Main authors: | , |
---|---|
Format: | Patent |
Language: | eng |
Summary: | A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity to identify a behavior enacted by the entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the behavior enacted by the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source, the event of analytic utility comprising a behavior enacted by the entity; identifying an indicator of behavior related to the event of analytic utility, the indicator of behavior providing an abstracted description of an inferred intent associated with the behavior enacted by the entity; analyzing the event of analytic utility, the analyzing the event of analytic utility being based upon the indicator of behavior related to the event of analytic utility; and, performing a security operation based upon the inferred intent associated with the behavior enacted by the entity. |
---|