| CPC H04L 63/1416 (2013.01) [G06F 8/34 (2013.01); H04L 41/22 (2013.01); H04L 63/1433 (2013.01)] | 16 Claims |

|
1. A computer-implemented method comprising:
displaying, via a data integration building user interface, a plurality of integration-identifying user interface input elements configured to receive one or more strings of text for specifying a set of integration identification parameters that characterize an in-development security integration for a third-party security service;
displaying, via the data integration building user interface, a signal-specific data mapping container based on receiving an input selecting a signal mapping addition control button of the data integration building user interface, wherein the signal-specific data mapping container is configured to receive inputs of characters to map technology-specific data attributes of the third-party security service to technology source-agnostic data attributes required by a target technology source-agnostic event signal type;
displaying, via the data integration building user interface, a raw event simulation container;
automatically prepopulating, within the raw event simulation container, a distinct raw event generated by the third-party security service, wherein the raw event simulation container is configured to receive input of:
an expected technology source-agnostic event signal type for validating that the in-development security integration accurately translates the distinct raw event automatically prepopulated within the raw event simulation container to a technology source-agnostic event signal of the expected technology source-agnostic event signal type using mapping instructions specified by the signal-specific data mapping container, wherein:
the raw event simulation container executes, via one or more processing devices, a computer-based integration simulation that generates a simulation output indicating whether a reconfiguration of the in-development security integration is needed before the in-development security integration is deployed into production by assessing whether the mapping instructions specified by the signal-specific data mapping container translated the distinct raw event to a technology-source agnostic security event signal of the expected technology source-agnostic event signal type, and
the computer-based integration simulation is automatically executed based on detecting an algorithmic change to the in-development security integration; and
displaying, via the data integration building user interface, an integration deployment control element that, when operated, transitions the in-development security integration to a deployed security integration for the third-party security service, wherein based on operating the integration deployment control element, installing the mapping instructions configured via the signal-specific data mapping container into a computer database storing a plurality of previously deployed security integrations;
receiving an unnormalized security event from the third-party security service;
generating a technology-source agnostic security event signal that corresponds to the unnormalized security event using the deployed security integration for the third-party security service; and
executing, in real-time, a threat mitigation response that mitigates a security threat associated with the technology-source agnostic security event signal that corresponds to the unnormalized security event by reporting the security threat in real-time to a threat reporting user interface accessible to a subscribing entity.
|
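The mapping and simulation steps of claim 1, sketched as an added example; this is not code from the patent or its assignee. The schema in `REQUIRED`, the dotted-path mapping format, the sample event, and all function names are assumptions made for illustration, and the mapping fingerprint is one assumed way to detect a change that should re-run the simulation.

```python
import hashlib, json

# Hypothetical source-agnostic schema: attributes each signal type requires.
REQUIRED = {"malware_detected": {"host", "file_hash", "severity"},
            "login_failure": {"host", "user"}}

def lookup(event, path):
    """Resolve a dotted path such as 'device.name' in a nested raw event."""
    node = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def translate(raw_event, mapping):
    """Apply one signal-specific mapping: agnostic attribute <- vendor path."""
    attrs = {dst: lookup(raw_event, src) for dst, src in mapping["attributes"].items()}
    return {"signal_type": mapping["signal_type"], "attributes": attrs}

def simulate(raw_event, mapping, expected_type):
    """Report whether the integration must be reconfigured before deployment."""
    signal = translate(raw_event, mapping)
    problems = []
    if signal["signal_type"] != expected_type:
        problems.append(f"produced {signal['signal_type']}, expected {expected_type}")
    present = {k for k, v in signal["attributes"].items() if v is not None}
    for attr in sorted(REQUIRED.get(expected_type, set()) - present):
        problems.append(f"required attribute '{attr}' is unmapped or empty")
    return {"needs_reconfiguration": bool(problems), "problems": problems, "signal": signal}

def fingerprint(mapping):
    """Stable hash of the mapping; a change is the trigger to re-run simulate()."""
    return hashlib.sha256(json.dumps(mapping, sort_keys=True).encode()).hexdigest()

# Constructed raw event and mappings (not from any real vendor).
RAW = {"device": {"name": "ws-042"}, "threat": {"sha256": "ab" * 32, "level": "high"}}
DRAFT = {"signal_type": "malware_detected",
         "attributes": {"host": "device.name", "file_hash": "threat.hash", "severity": "threat.level"}}
FIXED = {**DRAFT, "attributes": {**DRAFT["attributes"], "file_hash": "threat.sha256"}}

if __name__ == "__main__":
    for name, m in (("draft", DRAFT), ("fixed", FIXED)):
        r = simulate(RAW, m, "malware_detected")
        print(name, fingerprint(m)[:12], r["needs_reconfiguration"], r["problems"])
```

The draft mapping points `file_hash` at a field the raw event does not contain, so the simulation flags it before deployment; a normalized signal with a silently empty hash would otherwise reach downstream detection logic.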