US 12,231,453 B2
Investigation of threats using queryable records of behavior
Jeremy Kao, San Francisco, CA (US); Kai Jing Jiang, San Francisco, CA (US); Sanjay Jeyakumar, Berkeley, CA (US); Yea So Jung, San Mateo, CA (US); Carlos Daniel Gasperi, San Francisco, CA (US); and Justin Anthony Young, San Francisco, CA (US)
Assigned to Abnormal Security Corporation, Las Vegas, NV (US)
Filed by Abnormal Security Corporation, San Francisco, CA (US)
Filed on Aug. 16, 2022, as Appl. No. 17/888,899.
Application 17/888,899 is a continuation of application No. 17/200,459, filed on Mar. 12, 2021, granted, now 11,451,576.
Claims priority of provisional application 62/988,728, filed on Mar. 12, 2020.
Prior Publication US 2022/0394057 A1, Dec. 8, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 67/125 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 63/1425 (2013.01); H04L 67/125 (2013.01)]
20 Claims
1. A system comprising:
a processor configured to:
establish, using a corresponding application programming interface (API), a connection with a third-party multi-tenant service to obtain data that is related to a series of digital activities performed using digital communication accounts accessible to employees of an enterprise;
parse the obtained data for one or more attributes of the series of digital activities including a first digital activity associated with a first employee of the enterprise and populate a series of records into a set of separate employee communication digital profiles that are maintained for the accounts to develop different historical summaries for the different accounts of the employees of the enterprise, including by generating a record for the first digital activity by populating a data structure with: (i) the one or more attributes of the first digital activity and (ii) an indication of a threat posed to the enterprise, wherein the indication of the threat posed is in response to rescoring an associated email communication initially scored as non-malicious, and the threat posed is determined based at least in part on the one or more associated attributes of the first digital activity, wherein the first digital activity comprises at least one of: a receipt of the email communication transmitted from a sender to the first employee of the enterprise, a transmission of the email communication by the first employee of the enterprise, or a creation of an email filter by the first employee of the enterprise; and
provide the indication of the threat posed to the enterprise as output; and
a memory coupled to the processor and configured to provide the processor with instructions.