US 12,294,592 B2
Automated extraction and classification of malicious indicators
Janos Szurdi, Sunnyvale, CA (US); Daiping Liu, Sunnyvale, CA (US); and Jun Wang, Fremont, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Sep. 27, 2023, as Appl. No. 18/373,481.
Application 18/373,481 is a continuation of application No. 17/185,760, filed on Feb. 25, 2021, granted, now 11,882,130.
Prior Publication US 2024/0031383 A1, Jan. 25, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06N 5/025 (2023.01); G06N 20/00 (2019.01)
CPC H04L 63/1416 (2013.01) [G06N 5/025 (2013.01); G06N 20/00 (2019.01)]
31 Claims
1. A system, comprising:
a processor configured to:
receive a set of potential sources for Indicators of Compromise (IOCs), wherein at least one potential source included in the set is a social media account, and where the social media account comprises a set of one or more posts, at least one of which posts does not contain an IOC;
extract one or more candidate IOCs from at least one source included in the set of potential sources, including by determining a context for a given candidate IOC using text surrounding the given candidate IOC;
automatically identify an actionable IOC from the one or more candidate IOCs; and
provide the actionable IOC to a security enforcement service; and
a memory coupled to the processor and configured to provide the processor with instructions.
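
The pipeline recited in claim 1 (posts in, candidate IOCs with surrounding-text context, actionable IOCs out) can be sketched as follows. This is an added illustration, not code from the patent or from Palo Alto Networks: the sample posts are constructed, and the keyword sets, the eight-word context window and every function name are assumptions standing in for whatever classifier a real deployment uses.

```python
import re

# Constructed sample posts from one hypothetical account; the second has no IOC.
POSTS = [
    "New #phishing kit serving fake login at hxxp://login-portal[.]example/auth, C2 at 203.0.113[.]7",
    "Great talk at the conference today, slides coming soon!",
    "Patch released, download the fix from https://vendor.example/advisory",
    "Dropper sha256 " + "ab" * 32 + " seen in malware campaign",
]

# Assumed keyword lists standing in for a real classifier (not from the patent).
MALICIOUS_HINTS = {"phishing", "c2", "malware", "dropper"}
BENIGN_HINTS = {"patch", "fix", "advisory"}

PATTERNS = {
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

def refang(text):
    """Undo common defanging (hxxp, [.]) so the patterns can match."""
    return re.sub("hxxp", "http", text, flags=re.I).replace("[.]", ".")

def words(text):
    """Lower-cased alphanumeric tokens of a text fragment."""
    return re.findall(r"[a-z0-9]+", text.lower())

def extract_candidates(post, k=8):
    """Return (kind, value, context); context is up to k words on each side of the match."""
    text = refang(post)
    out = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "ipv4" and any(int(o) > 255 for o in m.group().split(".")):
                continue  # dotted quad with an octet above 255 is not an address
            context = words(text[:m.start()])[-k:] + words(text[m.end():])[:k]
            out.append((kind, m.group().lower(), set(context)))
    return out

def actionable_iocs(posts):
    """Keep candidates whose context has a malicious hint and no benign one."""
    result = []
    for post in posts:
        for kind, value, ctx in extract_candidates(post):
            if ctx & MALICIOUS_HINTS and not ctx & BENIGN_HINTS:
                result.append((kind, value))
    return result

if __name__ == "__main__":
    for kind, value in actionable_iocs(POSTS):
        print(kind, value)
```

The vendor advisory link is extracted as a candidate but dropped by the context rule, which is the distinction between a candidate IOC and an actionable one; the returned list is what would be handed to an enforcement service.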