US 12,229,246 B2
Browser extension for cybersecurity threat intelligence and response
Edward Hinkle, Frederick, MD (US); Mashell Rodriguez, Joshua Tree, CA (US); Marika Chauvin, New Orleans, LA (US); Daniel Cole, Reston, VA (US); Andrew Pendergast, Columbia, MD (US); and Kathryn Grayson Nanz, Black Mountain, NC (US)
Assigned to ThreatConnect, Inc., Arlington, VA (US)
Filed by ThreatConnect, Inc., Arlington, VA (US)
Filed on Jun. 25, 2021, as Appl. No. 17/358,181.
Prior Publication US 2022/0414206 A1, Dec. 29, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 16/951 (2019.01); G06F 21/53 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/53 (2013.01) [G06F 16/951 (2019.01); H04L 63/1483 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for implementing a browser extension for cyber threat intelligence and response, comprising:
a non-transitory memory configured to store instructions; and
one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising:
scanning, in a sandbox of a browser by a browser extension, at least part of a web page to produce a set of items of interests;
transmitting, by the browser extension, the set of items of interests to a cloud-based enrichment and analysis of cybersecurity threat intelligence system to request information on the set of items;
receiving, in the browser extension, a response from the cloud-based enrichment and analysis of cybersecurity threat intelligence system, the response including a scan result based on the transmitted set of items of interests, and the scan result including at least one of an indicator of compromise of the at least scanned part of the web page;
displaying, by the browser extension, the scan result including the at least one of an indicator of compromise;
receiving, in the browser extension, a selection of at least one particular indicator of compromise of the scanned web page;
displaying, in the browser with the browser extension, a plurality of orchestrated responses to be performed on the selected at least one particular indicator of compromise;
receiving, in the browser extension, a selection of a plurality of particular orchestrated responses of the plurality orchestrated responses;
transmitting, with the browser extension, the selected plurality of particular orchestrated responses to be performed on the selected at least one particular indicator of compromise to the cloud-based enrichment and analysis of cybersecurity threat intelligence system;
receiving, from the cloud-based enrichment and analysis of cybersecurity threat intelligence system, a response including a result of each of the selected plurality of particular orchestrated responses; and
display, in the browser with the browser extension, the result of each of the selected plurality of particular orchestrated responses in the browser.