| 摘要 |
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server. Identify Compromise Retrieve Data from Relevant Sources | Identify Status of Compromised Environment I Identify Indicator Matches Identify One or More Performed Actions | Determine Credibility of Each Process Action Determine Composite Credibility based on Actions Determine One or More Components for Profiling Determine Indicators of Compromise for Each Compong Provide Indicators of Compromise for Orchestration |
