| CPC H04L 63/1425 (2013.01) [G06N 5/022 (2013.01); H04L 63/1416 (2013.01)] | 20 Claims |

1. A system for automated incident generation, the system comprising:
at least one non-transitory memory configured to store computer executable instructions; and
at least one processor configured to execute the computer executable instructions to:
retrieve an alert of a plurality of alerts received from a plurality of heterogeneous sources, wherein the alert of the plurality of alerts is associated with a security breach;
generate a normalized alert based on normalization of the retrieved alert, wherein the normalization is associated with a semantic similarity parameter;
generate an enriched alert based on enrichment of the generated normalized alert, wherein the enrichment is based on security related data of the security breach associated with the generated normalized alert;
identify a set of correlation features associated with the generated enriched alert; and
generate the automated incident associated with the alert based on at least the generated enriched alert and the identified set of correlation features associated with the enriched alert.
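As an added illustration (not the patent's own implementation) of the pipeline in claim 1, the Python below runs one pass of normalize, enrich, correlate and incident generation over constructed alerts from two heterogeneous sources. Field names, the asset inventory, the use of string similarity as a stand-in for a semantic model, and the threshold value are all assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

CANONICAL = ("src_ip", "dst_host", "severity", "time")  # common schema (assumed)
SIM_THRESHOLD = 0.5  # the claim's "semantic similarity parameter"; assumed value
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
# Constructed asset inventory used by the enrichment step.
ASSETS = {"db01": {"owner": "dba-team", "criticality": "high"},
          "ws17": {"owner": "helpdesk", "criticality": "low"}}
# Constructed alerts from two heterogeneous sources (firewall-style and EDR-style
# records) that name the same concepts differently.
RAW_ALERTS = [
    {"source_ip": "10.0.0.5", "dest_host": "db01", "sev": "medium", "time": "2024-01-01T10:00"},
    {"src_ip": "10.0.0.5", "dst_host": "db01", "severity": "high", "time": "2024-01-01T10:02",
     "rule_name": "cred-dump"},
    {"source_ip": "10.0.0.9", "dest_host": "ws17", "sev": "low", "time": "2024-01-01T11:00"},
]
def similarity(a, b):
    """String similarity in [0, 1]; a stand-in for a real semantic model."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def normalize(alert):
    """Map each source field onto the closest canonical field that clears the
    threshold; fields matching nothing (e.g. a vendor rule name) are dropped."""
    out = {}
    for key, value in alert.items():
        best = max(CANONICAL, key=lambda c: similarity(key, c))
        if similarity(key, best) >= SIM_THRESHOLD:
            out[best] = value
    return out

def enrich(alert):
    """Attach asset context (the security related data) for the targeted host."""
    unknown = {"owner": "unknown", "criticality": "unknown"}
    return {**alert, "asset": ASSETS.get(alert.get("dst_host"), unknown)}

def correlation_features(alert):
    """Features that tie alerts together: same source address against the same host."""
    return (alert.get("src_ip"), alert.get("dst_host"))

def generate_incidents(raw_alerts):
    """Run the pipeline and fold alerts sharing correlation features into one incident."""
    groups = defaultdict(list)
    for raw in raw_alerts:
        alert = enrich(normalize(raw))
        groups[correlation_features(alert)].append(alert)
    incidents = []
    for (src_ip, dst_host), alerts in groups.items():
        worst = max(alerts, key=lambda a: SEVERITY_RANK.get(a.get("severity"), 0))
        incidents.append({"src_ip": src_ip, "dst_host": dst_host, "alert_count": len(alerts),
                          "severity": worst.get("severity", "unknown"), "asset": worst["asset"]})
    return incidents
```

The two alerts against db01 from the same address collapse into one incident carrying the worst severity and the asset owner, while the unrelated ws17 alert becomes its own incident.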