Patent attributes
A cybersecurity system for processing events to produce scores, alerts, and mitigation actions. The system includes sensors for receiving and processing data to form events, distributed analytic platform for processing events to form analytic workflows, and scoring engines for processing events using analytic workflows to produce scoring engine messages. The system also includes real time analytic engine for processing scoring engine messages and distributed analytic platform messages using the analytic workflows and analytic workflow and event processing rules to form and transmit a threat intelligence message. Threat intelligence messages include broadcast messages, mitigation messages, and model update messages. The system also includes logical segments which associate an analytic model, a set of analytic models, or an analytic workflow; one or more sources of inputs about activity within the logical segment, and a set of actions for mitigating an impact of the anomalous activity occurring within the logical segment.
