Field of Art
The disclosure generally relates to the field of cyber-threat detection.
Description of Art
Cyber-threat detection is an integral part of the security infrastructure of an online system. A key part of a typical threat detection system is threat intelligence feeds—feeds that indicate entities that are associated with suspicious behaviors. Information from the threat intelligence feeds is then compared against event information collected from the online system to determine whether any of the events may be associated with cyber-threats. In some cases, the threat intelligence feeds may include information that causes events that are otherwise harmless to incorrectly be flagged as cyber-threats. This imposes an unnecessary investigatory burden on the operators of the online system because of the false positives or false negatives stemming from incorrect information.