17943655. Automated Security Rule Updates Based On Alert Feedback simplified abstract (Google LLC)

From WikiPatents

Automated Security Rule Updates Based On Alert Feedback

Organization Name

Google LLC

Inventor(s)

Anurag Singla of Cupertino CA (US)

Automated Security Rule Updates Based On Alert Feedback - A simplified explanation of the abstract

This abstract first appeared for US patent application 17943655, titled 'Automated Security Rule Updates Based On Alert Feedback'.

Simplified Explanation

The patent application focuses on reducing the false positive alerts generated by a SIEM (security information and event management) system by adjusting the SIEM's detection rules based on feedback from a SOAR (security orchestration, automation and response) system.

  • The SIEM applies a set of rules to attributes of network traffic and/or system activity, and generates an alert when an event's attributes trigger one or more rules.
  • The SOAR system returns feedback for each alert in a set of alerts, marking it as a true positive or a false positive.
  • One or more conditions of the triggering rules are adjusted based on that feedback, so that subsequent alerts are more accurate.

Potential Applications

This technology can be applied in cybersecurity systems to enhance the efficiency and accuracy of threat detection processes.

Problems Solved

This technology addresses the issue of high false positive rates in SIEM systems, which can overwhelm security analysts and lead to important alerts being missed.

Benefits

The system helps in reducing the number of false positive alerts, allowing security teams to focus on genuine threats and respond more effectively to potential security incidents.

Potential Commercial Applications

"Enhancing Cybersecurity Threat Detection with Rule Adjustment Based on Feedback from SOAR Systems"

Possible Prior Art

One possible prior art could be the use of machine learning algorithms to reduce false positive alerts in cybersecurity systems.

What are the specific rules that are adjusted based on the feedback from the SOAR system?

The adjustment targets the conditions inside the SIEM rules, that is, the tests on event attributes that cause a rule to fire and produce an alert. Fine-tuning those conditions is how the system reduces false positive alerts without rewriting the rules wholesale.

How does the system differentiate between true positive and false positive alerts?

The system does not make that distinction itself; it relies on the feedback received from the SOAR system. If the SOAR system confirms that an alert corresponds to a genuine threat or security incident, the alert is classified as a true positive. If the SOAR system determines that the alert was a false alarm, the alert is classified as a false positive.
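The loop described in the Simplified Explanation bullets and in the two answers above, as an added example (not code from the patent application or from Google): a SIEM-style rule with a numeric threshold condition fires on constructed events, SOAR-style true positive / false positive verdicts come back for each alert, and the rule's conditions are adjusted before the events are replayed. The rule shape, the verdict format, the two adjustment moves (raising the threshold to the lowest value seen in a confirmed true positive, and excluding an attribute value that appears only in false positives) and the safeguards around them are assumptions of this example, not details given in the abstract.

```python
"""Toy SIEM -> SOAR -> rule-tuning loop.

Added example, not code from the patent application or from Google.
Assumptions (not from the page): a rule has one numeric threshold condition
plus an optional exclusion set; SOAR feedback is a list of 'TP'/'FP' verdicts,
one per alert; tuning never silences a confirmed true positive and ignores
rules that have too few verdicts to act on.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Rule:
    name: str
    attribute: str                  # numeric attribute the condition inspects
    threshold: float                # fire when event[attribute] >= threshold
    exclude_key: str = "src"        # attribute used by exclusion conditions
    excluded: Set[str] = field(default_factory=set)  # values that never fire


@dataclass
class Alert:
    rule: str
    event: dict


def run_rules(rules: List[Rule], events: List[dict]) -> List[Alert]:
    """SIEM side: evaluate every event against every rule's conditions."""
    alerts = []
    for ev in events:
        for r in rules:
            value = ev.get(r.attribute)
            if value is None or ev.get(r.exclude_key) in r.excluded:
                continue
            if value >= r.threshold:
                alerts.append(Alert(r.name, ev))
    return alerts


def tune_rule(rule: Rule, alerts: List[Alert], feedback: List[str],
              min_samples: int = 3, min_fp_per_exclusion: int = 2) -> Rule:
    """Return an adjusted copy of `rule` based on SOAR verdicts.

    feedback[i] is 'TP' or 'FP' for alerts[i]. Two adjustments are tried:
    1. raise the threshold to the lowest attribute value seen in a confirmed
       TP; this suppresses every FP below that value and keeps every known TP;
    2. add an exclusion for an `exclude_key` value that appears only in FP
       alerts (at least `min_fp_per_exclusion` times) and never in a TP.
    A rule with no confirmed TP gets no threshold change: there is no safe
    ceiling, so it is left for an analyst rather than tuned blindly.
    """
    mine = [(a, v) for a, v in zip(alerts, feedback) if a.rule == rule.name]
    if len(mine) < min_samples:
        return rule                     # too little evidence; leave untouched
    tps = [a for a, v in mine if v == "TP"]
    fps = [a for a, v in mine if v == "FP"]

    new_threshold = rule.threshold
    if tps:
        floor = min(a.event[rule.attribute] for a in tps)
        if floor > rule.threshold and any(
                a.event[rule.attribute] < floor for a in fps):
            new_threshold = floor

    tp_keys = {a.event.get(rule.exclude_key) for a in tps}
    fp_counts: Dict[str, int] = {}
    for a in fps:
        k = a.event.get(rule.exclude_key)
        if k is not None and k not in tp_keys:
            fp_counts[k] = fp_counts.get(k, 0) + 1
    new_excluded = rule.excluded | {
        k for k, n in fp_counts.items() if n >= min_fp_per_exclusion}

    return Rule(rule.name, rule.attribute, new_threshold,
                rule.exclude_key, new_excluded)


def demo():
    """Run one feedback cycle over constructed events and return the pieces."""
    rule = Rule("brute_force", "failed_logins", 5.0)
    events = [  # constructed sample events; 10.0.0.20 plays a vuln scanner
        {"id": "e1", "src": "10.0.0.5", "failed_logins": 6},
        {"id": "e2", "src": "10.0.0.9", "failed_logins": 7},
        {"id": "e3", "src": "203.0.113.7", "failed_logins": 40},
        {"id": "e4", "src": "203.0.113.8", "failed_logins": 25},
        {"id": "e5", "src": "10.0.0.20", "failed_logins": 30},
        {"id": "e6", "src": "10.0.0.20", "failed_logins": 28},
        {"id": "e7", "src": "10.0.0.3", "failed_logins": 2},
    ]
    before = run_rules([rule], events)          # e1..e6 fire, e7 does not
    verdicts = ["FP", "FP", "TP", "TP", "FP", "FP"]  # constructed SOAR feedback
    tuned = tune_rule(rule, before, verdicts)
    after = run_rules([tuned], events)          # only e3 and e4 remain
    return rule, tuned, before, after


if __name__ == "__main__":
    rule, tuned, before, after = demo()
    print(f"{rule.name}: {len(before)} alerts before, {len(after)} after")
    print(f"threshold {rule.threshold} -> {tuned.threshold}, "
          f"excluded {sorted(tuned.excluded)}")
```

Two of the four false positives sit above the new threshold (the scanner at 28 and 30 failed logins), which is why the example needs the exclusion move as well as the threshold move; a single-knob tuner would have to choose between keeping those false positives and silencing the true positive at 25. In practice a tuner like this should log every change and bound how far a condition may move per cycle, since a burst of mislabelled feedback would otherwise degrade the rule just as automatically as good feedback improves it.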


Original Abstract Submitted

Aspects of the disclosure are directed to systems, methods, and computer-readable media for reducing the number of false positive alerts generated by a SIEM system by adjusting the set of rules the SIEM system uses to analyze attributes of the network traffic and/or system activities based on feedback from a SOAR system. Alert feedback may be received for a set of alerts generated in response to attributes triggering one or more rules. The alert feedback may indicate, for each alert of the set of alerts, whether the alert was a true positive alert or false positive alert. One or more conditions of the at least one rule may be adjusted based on the feedback.