US 11,882,130 B2
Automated extraction and classification of malicious indicators
Janos Szurdi, Santa Clara, CA (US); Daiping Liu, San Jose, CA (US); and Jun Wang, Fremont, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Feb. 25, 2021, as Appl. No. 17/185,760.
Prior Publication US 2022/0272109 A1, Aug. 25, 2022
Int. Cl. H04L 29/06 (2006.01); G06N 5/02 (2023.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01); G06N 5/025 (2023.01)
CPC H04L 63/1416 (2013.01) [G06N 5/025 (2013.01); G06N 20/00 (2019.01)] 29 Claims
OG exemplary drawing
 
1. A system, comprising:
a processor configured to:
receive a set of potential sources for Indicators of Compromise (IOCs);
extract one or more candidate IOCs from at least one source included in the set of potential sources, including by determining that a URL was defanged;
automatically identify an actionable IOC from the one or more candidate IOCs; and
provide the actionable IOC to a security enforcement service, including by reverse defanging the URL; and
a memory coupled to the processor and configured to provide the processor with instructions.