Bank of America Corporation
Dynamic Threat Actionability Determination and Control System
Abstract:
Arrangements for dynamically determining actionability of incidents of compromise are provided. In some examples, a plurality of threat intelligence data feeds may be received. The feeds may be analyzed to identify one or more incidents of compromise. In some examples, each incident of compromise may be further evaluated to identify an intelligence type associated with the incident of compromise. Based on the intelligence type, system logs may be evaluated to determine whether they include an occurrence of the incident of compromise. If so, the incident of compromise may be identified as actionable. If not, the incident of compromise may be identified as inactionable. In some examples, additional information associated with actionable incidents of compromise may be retrieved and evaluated to prioritize further processing of the actionable incident of compromise. The actionable incident of compromise, as well as other information, may then be further processed to identify and execute mitigating actions, and the like.
Utility
20 Feb 2020
26 Aug 2021
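
The matching step the abstract describes, as an added example that is not taken from the patent: indicators from several feeds are deduplicated, each is looked up in the log source assumed to fit its intelligence type, and the results are ranked. The log layout, `SOURCE_FOR_TYPE`, `field_values`, `assess` and the priority order are assumptions, and all sample data is constructed.

```python
from collections import Counter

# Constructed sample data (documentation address ranges, made-up hosts and hashes).
FEEDS = [
    [{"type": "ip", "value": "203.0.113.7"},
     {"type": "domain", "value": "bad.example.net"}],
    [{"type": "ip", "value": "203.0.113.7"},
     {"type": "ip", "value": "198.51.100.9"},
     {"type": "hash", "value": "aa" * 16}],
]
LOGS = {
    "firewall": [
        "2021-01-05T10:00:01Z ALLOW src=10.0.0.5 dst=203.0.113.7 dport=443",
        "2021-01-05T10:02:11Z ALLOW src=10.0.0.8 dst=203.0.113.7 dport=443",
        "2021-01-05T10:03:40Z DENY src=10.0.0.5 dst=203.0.113.70 dport=22",
    ],
    "dns": [
        "2021-01-05T09:59:58Z query=bad.example.net client=10.0.0.5",
        "2021-01-05T10:05:00Z query=notbad.example.net client=10.0.0.9",
    ],
    "edr": ["2021-01-05T10:06:00Z host=ws-17 md5=" + "bb" * 16],
}
# Assumed routing: which log source is searched for each intelligence type.
SOURCE_FOR_TYPE = {"ip": "firewall", "domain": "dns", "hash": "edr"}

def field_values(line):
    """Values of key=value tokens, so matching is on whole fields, not substrings."""
    return {tok.split("=", 1)[1].lower() for tok in line.split() if "=" in tok}

def assess(feeds, logs):
    # Deduplicate across feeds, counting how many feeds report each indicator.
    reported = Counter()
    for feed in feeds:
        reported.update({(e["type"], e["value"].lower()) for e in feed})
    results = []
    for (itype, value), nfeeds in reported.items():
        lines = logs.get(SOURCE_FOR_TYPE.get(itype), [])
        hits = sum(value in field_values(line) for line in lines)
        results.append({"type": itype, "value": value, "feeds": nfeeds,
                        "hits": hits, "actionable": hits > 0})
    # Assumed priority: actionable first, then more log hits, then more feeds.
    results.sort(key=lambda r: (not r["actionable"], -r["hits"], -r["feeds"], r["value"]))
    return results

if __name__ == "__main__":
    for row in assess(FEEDS, LOGS):
        print(row)
```

Matching on whole field values keeps `203.0.113.70` and `notbad.example.net` from counting as occurrences of the shorter indicators.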