US 12,341,787 B2
Method for automatic signatures generation from a plurality of sources
Alexey Kleymenov, Massagno (CH); Moreno Carullo, Gavirate (IT); and Andrea Carcano, San Francisco, CA (US)
Assigned to Nozomi Networks Sagl, Mendrisio (CH)
Filed by Nozomi Networks Sagl, Mendrisio (CH)
Filed on Jul. 1, 2022, as Appl. No. 17/855,940.
Prior Publication US 2024/0007483 A1, Jan. 4, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/1416 (2013.01) [H04L 9/3247 (2013.01)]
9 Claims
 
1. A method for automatic signatures generation from a plurality of sources, comprising:
defining a plurality of identified sources of samples providers;
collecting, by a computerized data processing unit, input samples from said sample providers;
extracting, by the computerized data processing unit, raw indicators of compromise (IoCs) from said input samples;
verifying, by said computerized data processing unit, said input samples defining verified input samples;
generating, by said computerized data processing unit, verified signatures from said verified input samples;
storing, in a verified signatures database operatively connected to said computerized data processing unit, said verified signatures;
wherein said collecting comprises extracting raw IoCs from said input samples;
wherein said verifying comprises evaluating the reputation of each of said raw IoCs according to predefined reputation rules and comparing each of said raw IoCs with a database of existing signatures operatively connected to said data processing unit to define allowable raw IoCs; and
wherein said generating comprises creating said verified signatures from said verified input samples corresponding to said allowable raw IoCs, by inserting each allowable raw IoC into a predefined structured format including associated metadata.
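
The flow recited in claim 1 (extract raw IoCs, check reputation, compare with existing signatures, emit a structured record), as an added sketch; it is not the patent's or the assignee's implementation. The regexes, reputation rules, record fields, source name, timestamp and sample data are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed reputation rules (constructed for this sketch, not from the patent).
BENIGN_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IOC_PATTERNS = {
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

def extract_raw_iocs(sample_text):
    """Extraction step: pull raw (type, value) IoCs out of one input sample."""
    return {(kind, m.lower()) for kind, rx in IOC_PATTERNS.items()
            for m in rx.findall(sample_text)}

def reputation_ok(kind, value):
    """Reputation step: reject values the assumed rules treat as benign or invalid."""
    if kind == "domain":
        return value not in BENIGN_DOMAINS
    if kind == "ipv4":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:          # e.g. 999.1.1.1 matched the loose regex
            return False
        return not any(addr in net for net in INTERNAL_NETS)
    return True

def allowable_iocs(raw_iocs, existing_signatures):
    """Verification: keep IoCs that pass reputation and are not already stored."""
    return {ioc for ioc in raw_iocs
            if reputation_ok(*ioc) and ioc not in existing_signatures}

def generate_signatures(allowable, source, created):
    """Generation: wrap each allowable IoC in a structured record with metadata."""
    return [{"type": k, "value": v, "source": source, "created": created}
            for k, v in sorted(allowable)]

# Constructed sample report and constructed existing-signature database.
SAMPLE = ("Dropper " + "ab" * 32 + " contacted c2.bad-host.test and 203.0.113.7, "
          "then fetched example.com via proxy 10.0.0.5 and 999.1.1.1")
EXISTING = {("domain", "c2.bad-host.test")}

if __name__ == "__main__":
    allowed = allowable_iocs(extract_raw_iocs(SAMPLE), EXISTING)
    for sig in generate_signatures(allowed, "feed-a", "2024-01-04T00:00:00Z"):
        print(sig)
```

Of the six raw IoCs in the constructed sample, only the hash and the external address survive: the benign domain, the internal proxy address, the malformed address and the already-known domain are filtered out before any signature is generated.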