17943655. Automated Security Rule Updates Based On Alert Feedback simplified abstract (Google LLC)
Automated Security Rule Updates Based On Alert Feedback
Organization Name: Google LLC
Inventor(s)
Anurag Singla of Cupertino CA (US)
Automated Security Rule Updates Based On Alert Feedback - A simplified explanation of the abstract
This abstract first appeared for US patent application 17943655 titled 'Automated Security Rule Updates Based On Alert Feedback'.
Simplified Explanation
The patent application focuses on reducing the false positive alerts generated by a SIEM system by adjusting the conditions of the SIEM's detection rules based on true-positive/false-positive feedback from a SOAR system.
- The system adjusts the set of rules used by a SIEM system to analyze network traffic and system activities based on feedback from a SOAR system.
- Alert feedback is received for a set of alerts, indicating whether they were true positive or false positive alerts.
- Conditions of the rules are adjusted based on the feedback to improve the accuracy of alerts.
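As an added example (not code from the patent or from Google), the loop described above in miniature: a SIEM rule with a numeric threshold condition fires alerts, the SOAR side labels each alert true or false positive, and a tuner uses those labels to tighten the threshold. The rule name, the `failed_logins` attribute, the sample events and the analyst dispositions are all constructed for illustration; the tuning policy (raise the threshold to the smallest confirmed true-positive value, never loosen, and only with a minimum number of labelled alerts) is one reasonable choice, not the one the application claims.

```python
"""Toy SIEM rule tuner driven by SOAR true/false-positive feedback.

Added example, not code from the patent or from Google. Rule names, the
``failed_logins`` attribute, the sample events and the analyst
dispositions below are all constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Rule:
    """A single SIEM rule whose condition is ``event[attribute] >= threshold``."""
    rule_id: str
    attribute: str
    threshold: int
    min_feedback: int = 5  # do not retune on fewer labelled alerts than this


@dataclass
class Alert:
    alert_id: str
    rule_id: str
    value: int  # the attribute value that tripped the rule's condition


def evaluate(rule: Rule, events: list[dict]) -> list[Alert]:
    """Run one rule over a batch of events; one alert per matching event."""
    return [
        Alert(f"{rule.rule_id}-{i}", rule.rule_id, ev[rule.attribute])
        for i, ev in enumerate(events)
        if ev.get(rule.attribute, 0) >= rule.threshold
    ]


def tune_threshold(rule: Rule, alerts: list[Alert], feedback: dict[str, bool]) -> int:
    """Return a new threshold for ``rule`` given SOAR dispositions.

    ``feedback`` maps alert_id -> True (true positive) or False (false
    positive), as a SOAR case would record the analyst's verdict. The new
    threshold is the largest value that still fires for every confirmed true
    positive, so false positives below it are suppressed. The condition is
    only ever tightened, never loosened, and only with enough labelled alerts.
    """
    labelled = [(a.value, feedback[a.alert_id]) for a in alerts if a.alert_id in feedback]
    if len(labelled) < rule.min_feedback:
        return rule.threshold
    tps = [v for v, is_tp in labelled if is_tp]
    fps = [v for v, is_tp in labelled if not is_tp]
    if not fps:
        return rule.threshold  # nothing to suppress
    if not tps:
        # every labelled alert was noise: move just above the largest one seen
        return max(rule.threshold, max(fps) + 1)
    return max(rule.threshold, min(tps))


def run_demo() -> dict:
    """Feedback loop end to end: alert, label in SOAR, retune, replay."""
    rule = Rule("brute-force-login", "failed_logins", threshold=5)
    # Constructed events: a chatty service account produces 5-8 failures per
    # window (benign), while real password spraying produces 20 or more.
    events = [{"failed_logins": n} for n in (5, 6, 7, 8, 20, 25, 30, 40)]
    before = evaluate(rule, events)
    # Constructed SOAR dispositions keyed by alert id (first four are noise).
    feedback = {
        "brute-force-login-0": False, "brute-force-login-1": False,
        "brute-force-login-2": False, "brute-force-login-3": False,
        "brute-force-login-4": True, "brute-force-login-5": True,
        "brute-force-login-6": True, "brute-force-login-7": True,
    }
    new_threshold = tune_threshold(rule, before, feedback)
    tuned = Rule(rule.rule_id, rule.attribute, new_threshold, rule.min_feedback)
    after = evaluate(tuned, events)
    return {
        "old_threshold": rule.threshold,
        "new_threshold": new_threshold,
        "alerts_before": len(before),
        "alerts_after": len(after),
        "fp_suppressed": sum(1 for a in before
                             if not feedback[a.alert_id] and a.value < new_threshold),
        "tp_retained": sum(1 for a in before
                           if feedback[a.alert_id] and a.value >= new_threshold),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner would want before wiring this to production rules. First, a threshold can only separate the two classes when their attribute values do not overlap: if one confirmed true positive sits at 6 and false positives sit at 7 and 8, the tuner stops at 6 and those false positives keep firing, which is the signal that the rule needs a different condition (for example, excluding the service account) rather than a tighter number. Second, because the adjustment is driven by analyst labels, a mislabelled true positive silently loosens coverage, so changes should be gated on a minimum sample, applied in one direction only, and recorded so they can be reverted.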
Potential Applications
This technology can be applied in cybersecurity systems to enhance the efficiency and accuracy of threat detection processes.
Problems Solved
This technology addresses the issue of high false positive rates in SIEM systems, which can overwhelm security analysts and lead to important alerts being missed.
Benefits
The system helps in reducing the number of false positive alerts, allowing security teams to focus on genuine threats and respond more effectively to potential security incidents.
Potential Commercial Applications
SIEM and SOAR products that feed the analyst's true-positive/false-positive disposition from the SOAR case back into the SIEM to tune the conditions of its detection rules.
Possible Prior Art
One possible prior art is the use of machine learning algorithms to reduce false positive alerts in cybersecurity systems; this application instead adjusts the conditions of the existing rules directly from the true-positive/false-positive feedback recorded in a SOAR system.
=== What are the specific rules that are adjusted based on the feedback from the SOAR system? ===
The rules that are adjusted are the SIEM rules whose conditions triggered the alerts, and what changes are those conditions. By fine-tuning the conditions, the system aims to reduce false positive alerts while still raising the true positives.

=== How does the system differentiate between true positive and false positive alerts? ===
The system differentiates between true positive and false positive alerts based on the feedback received from the SOAR system. If an alert is confirmed to be a genuine threat or security incident, it is classified as a true positive alert. Conversely, if the alert is deemed to be a false alarm or not a real threat, it is classified as a false positive alert.
Original Abstract Submitted
Aspects of the disclosure are directed to systems, method, and computer-readable mediums for reducing the number of false positive alerts generated by a SIEM system by adjusting the set of rules the SIEM system uses to analyze attributes of the network traffic and/or system activities based on feedback from a SOAR system. Alert feedback may be received for a set of alerts generated in response to attributes triggering one or more rules. The alert feedback may indicate, for each alert of the set of alerts, whether the alert was a true positive alert or false positive alert. One or more conditions of the at least one rule may be adjusted based on the feedback.