| CPC G06F 21/552 (2013.01) [G06F 2221/034 (2013.01)] | 23 Claims |
|
1. A system, comprising:
a processor configured to:
establish, via an application programming interface, a connection with a storage medium that includes a series of communications received by an employee of an enterprise and obtain an email that is addressed to the employee;
determine a plurality of features associated with the obtained email;
use a plurality of facet models to analyze the determined features, wherein at least one facet model included in the plurality of facet models is a topic model that identifies a topic that is mentioned either directly or indirectly in the email;
determine, based at least in part on the analysis, that the email poses a security threat;
determine a prioritized set of information to provide as output in a report, wherein the prioritized set of information is representative of why the email was determined to pose a security threat; and
provide at least a portion of the prioritized set of information as output in an interface; and
a memory coupled to the processor and configured to provide the processor with instructions.
|