MACHINE-LEARNING BASED APPROACH FOR DYNAMICALLY GENERATING INCIDENT-SPECIFIC PLAYBOOKS FOR A SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR) PLATFORM
Abstract
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to the first incident or the first type, a recommended sequence of actions is generated based on the machine-learning model for use by an analyst in connection with responding to the second incident. In response to rejection of the recommended sequence by the analyst, the recommended sequence is revised based on input provided by the analyst, and the revised recommended sequence is stored in the form of a revised playbook for response to subsequent incidents that are similar to the second incident.