The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
May. 27, 2025
Filed:
Oct. 31, 2022
International Business Machines Corporation, Armonk, NY (US);
Aankur Bhatia, Bethpage, NY (US);
Abhishek Basu, Kolkata, IN;
Luiz Marcel Arbos, Warsaw, PL;
Terry Liggett, Henderson, NV (US);
Kyle Proctor, Holly, MI (US);
International Business Machines Corporation, Armonk, NY (US);
Abstract
A technique for threat response associated with an endpoint detection and response (EDR) system. The system uses a combination of automated observable detection, threat intelligence enrichment, graph analysis, and supervised machine learning to machine-predict analyst behavior in classifying (as 'true' or ‘false’ positives) the EDR alerts, and to support either (i) automated suppression of those alerts that the system classifies with sufficient confidence as either true or false, or (ii) for those alerts than cannot be so classified, the providing of recommendations to analysts to facilitate their activities. Auto-detection of observables for graph-based feature detection, together with the automated disposition of alerts where possible greatly reduces overall analyst workload for the EDR system. Further, and even where a machine-based prediction does not have sufficient confidence to enable bypassing the analyst, the system provides the analyst with additional context and enrichment to facilitate expedited (or at least more efficient) alert handling.