Management of administrative incident response based on environmental characteristics associated with a security incident
First Claim
1. A method of managing service level agreements (SLAs) for security incidents in a computing environment, the method comprising:
- identifying a rule set for a security incident of the security incidents, wherein the rule set is associated with one or more action recommendations to be taken against the security incident;
- identifying a default SLA for the security incident based on the rule set, wherein the default SLA comprises a default hierarchy of administrators for the security incident;
- obtaining environmental characteristics related to the security incident, wherein the environmental characteristics comprise at least a severity level of the security incident;
- determining a modified SLA for the security incident based on the environmental characteristics, wherein the modified SLA comprises a second hierarchy of administrators for the security incident, and wherein the modified SLA is based on the severity level of the security incident;
- providing the one or more action recommendations to administrators based on the second hierarchy of administrators of the modified SLA; and
- obtaining input from at least one administrator in the second hierarchy of administrators regarding at least one action recommendation of the one or more action recommendations.
Abstract
Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.
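The flow in claim 1 and the abstract, as an added illustration that is not code from the patent: a rule set is picked from enrichment information, its default SLA is adjusted by severity, and input is accepted only from administrators in the resulting hierarchy. The rule sets, administrator names, severity policy and response windows are constructed assumptions; the page does not specify them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SLA:
    hierarchy: tuple        # ordered tiers of administrators; tier 0 is notified first
    response_minutes: int   # time allowed before escalating to the next tier

# Constructed rule sets, keyed by an incident type taken from enrichment information.
RULE_SETS = {
    "malware": {
        "actions": ("isolate-host", "block-file-hash"),
        "default_sla": SLA((("analyst-a", "analyst-b"), ("ir-lead",), ("ciso",)), 240),
    },
    "unknown": {
        "actions": ("open-ticket",),
        "default_sla": SLA((("analyst-a",), ("ir-lead",)), 480),
    },
}

# Assumed policy: severity -> (tiers to skip, divisor applied to the response window).
SEVERITY_POLICY = {"low": (0, 1), "medium": (0, 1), "high": (1, 2), "critical": (2, 4)}

def identify_rule_set(enrichment):
    return RULE_SETS.get(enrichment.get("type"), RULE_SETS["unknown"])

def modify_sla(default, environment):
    # An unrecognised or missing severity keeps the default SLA unchanged.
    skip, divisor = SEVERITY_POLICY.get(environment.get("severity"), (0, 1))
    skip = min(skip, len(default.hierarchy) - 1)   # always leave at least one tier
    return SLA(default.hierarchy[skip:], max(1, default.response_minutes // divisor))

def advise(enrichment, environment):
    rule_set = identify_rule_set(enrichment)
    sla = modify_sla(rule_set["default_sla"], environment)
    # Recommendations go to the first tier of the modified hierarchy.
    notices = [(admin, action) for admin in sla.hierarchy[0] for action in rule_set["actions"]]
    return rule_set, sla, notices

def accept_input(rule_set, sla, admin, action):
    # Input is honoured only from an administrator in the modified hierarchy,
    # and only for an action the rule set actually recommended.
    in_hierarchy = any(admin in tier for tier in sla.hierarchy)
    return in_hierarchy and action in rule_set["actions"]
```

With these assumed values, a critical malware incident skips straight to the last tier, so input from a first-tier analyst is no longer accepted for that incident.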
20 Claims
9. An apparatus to manage service level agreements (SLAs) for security incidents in a computing environment, the apparatus comprising:
- one or more non-transitory computer readable storage media; and
- processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by a processing system, direct the processing system to:
  - identify a rule set for a security incident of the security incidents, wherein the rule set is associated with one or more action recommendations to be taken against the security incident;
  - identify a default SLA for the security incident based on the rule set, wherein the default SLA comprises a default hierarchy of administrators for the security incident;
  - obtain environmental characteristics related to the security incident, wherein the environmental characteristics comprise at least a severity level of the security incident;
  - determine a modified SLA for the security incident based on the environmental characteristics, wherein the modified SLA comprises a second hierarchy of administrators for the security incident, and wherein the modified SLA is based on the severity level of the security incident and the default SLA;
  - provide the one or more action recommendations to administrators based on the second hierarchy of administrators of the modified SLA; and
  - obtain input from at least one administrator in the second hierarchy of administrators regarding at least one action recommendation of the one or more action recommendations.
17. A computing system to manage service level agreements (SLAs) for security incidents in a computing environment, the computing system comprising:
- one or more non-transitory computer readable storage media;
- a processing system operatively coupled to the one or more non-transitory computer readable storage media; and
- processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by a processing system, direct the processing system to:
  - identify a rule set for a security incident of the security incidents based on enrichment information obtained for the security incident, wherein the rule set is associated with one or more action recommendations to be taken against the security incident;
  - identify a default SLA for the security incident based on the rule set, wherein the default SLA comprises a default hierarchy of administrators for the security incident;
  - obtain environmental characteristics related to the security incident, wherein the environmental characteristics comprise at least a severity level of the security incident;
  - determine a modified SLA for the security incident based on the environmental characteristics, wherein the modified SLA comprises a second hierarchy of administrators for the security incident, and wherein the modified SLA is based on the severity level of the security incident and the default SLA;
  - provide the one or more action recommendations to administrators based on the second hierarchy of administrators of the modified SLA; and
  - obtain input from at least one administrator in the second hierarchy of administrators regarding at least one action recommendation of the one or more action recommendations.
Specification