Collective threat intelligence gathering system

摘要

Threat intelligence is collected from a variety of different sources. The threat intelligence information is aggregated, normalized, filtered and scored to identify threats to an information network. Threats are categorized by type, maliciousness and confidence level. Threats are reported to network administrators in a plurality of threat feeds, including for example malicious domains, malicious IP addresses, malicious e-mail addresses, malicious URLs and malicious software files.

主权项

1. A system for collecting threat intelligence information, comprising:
a database for storing threat intelligence information; a threat information collector configured to collect threat intelligence information from a plurality of threat intelligence information sources, the collected threat intelligence information including different formats; a threat intelligence information parser configured to (i) parse the collected threat intelligence information into a common format and (ii) store the parsed threat intelligence information in the database; a threat intelligence information scoring engine configured to (i) receive the parsed threat intelligence information from the database and (ii) calculate at least one threat score based on the parsed threat intelligence information; and a threat intelligence information distributor configured to (i) format the parsed threat intelligence information and the at least one threat score into a plurality of delivery formats and (ii) distribute the formatted threat intelligence information to a plurality of threat intelligence information consumers based on predefined consumer preferences.