Incident response using asset configuration data
First Claim
1. A method of improving security incident responses for a computing environment comprising a plurality of computing assets, the method comprising:
- in a processing system, maintaining asset configuration data for the plurality of computing assets, the asset configuration data comprising characteristics for each of the one or more computing assets;
- in response to identifying a security incident in the computing environment, providing, for display, security incident information related to the security incident to an administrator associated with the computing environment;
- identifying a selection of a security action from the administrator;
- identifying one or more computing assets related to the security action;
- identifying configuration data for the one or more computing assets from the maintained asset configuration data;
- identifying one or more action procedures to support the selection based on the identified configuration data; and
- initiating implementation of the one or more action procedures in the one or more computing assets.
Abstract
Systems, methods, and software described herein enhance how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
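The translation step in the abstract can be sketched as follows. This is an added illustration, not code from the patent or any product: the asset inventory, the `block_ip` action name and the `translate` function are hypothetical, and the sample hosts and addresses are constructed.

```python
import ipaddress

# Constructed asset configuration data (hypothetical inventory, not from the patent).
ASSET_CONFIG = {
    "web-01": {"type": "server", "os": "linux", "firewall": "iptables"},
    "hr-laptop-7": {"type": "endpoint", "os": "windows", "firewall": "netsh"},
    "printer-3": {"type": "printer", "os": "embedded", "firewall": None},
}

def _iptables_block(ip):
    # IPv6 rules live in a separate table managed by ip6tables.
    tool = "ip6tables" if ip.version == 6 else "iptables"
    return [[tool, "-A", "INPUT", "-s", str(ip), "-j", "DROP"]]

def _netsh_block(ip):
    return [["netsh", "advfirewall", "firewall", "add", "rule",
             f"name=IR-block-{ip}", "dir=in", "action=block",
             f"remoteip={ip}"]]

# (unified action, firewall characteristic) -> builder of action procedures
TRANSLATORS = {
    ("block_ip", "iptables"): _iptables_block,
    ("block_ip", "netsh"): _netsh_block,
}

def translate(action, target_ip, assets, config=ASSET_CONFIG):
    """Turn one unified action into per-asset procedures.

    Procedures are argv lists, never shell strings, and the address is
    parsed first, so analyst input cannot smuggle in extra commands.
    Assets with no matching translator are reported, not silently skipped.
    """
    ip = ipaddress.ip_address(target_ip)  # ValueError on non-IP input
    plan, unsupported = {}, []
    for name in assets:
        traits = config.get(name)
        builder = TRANSLATORS.get((action, traits["firewall"])) if traits else None
        if builder is None:
            unsupported.append(name)
        else:
            plan[name] = builder(ip)
    return plan, unsupported

if __name__ == "__main__":
    plan, unsupported = translate(
        "block_ip", "198.51.100.23", ["web-01", "hr-laptop-7", "printer-3"])
    for host, procedures in plan.items():
        print(host, procedures)
    print("no procedure available for:", unsupported)
```

The function only builds the plan; dispatching each argv list to its asset corresponds to the final "initiating implementation" step and is left out here.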
20 Claims
10. An apparatus to improve security incident responses for a computing environment comprising a plurality of computing assets, the apparatus comprising:
- one or more non-transitory computer readable storage media;
- a processing system operatively coupled to the one or more non-transitory computer readable storage media; and
- processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by the processing system, direct the processing system to:
  - maintain asset configuration data for the plurality of computing assets, the asset configuration data comprising characteristics for each of the one or more computing assets;
  - in response to identifying a security incident in the computing environment, provide, for display, security incident information related to the security incident to an administrator associated with the computing environment;
  - identify a selection of a security action from the administrator;
  - identify one or more computing assets related to the security action;
  - identify configuration data for the one or more computing assets from the maintained asset configuration data;
  - identify one or more action procedures to support the selection based on the identified configuration data; and
  - initiate implementation of the one or more action procedures in the one or more computing assets.
19. An apparatus to improve security incident responses for a computing environment comprising a plurality of computing assets, the apparatus comprising:
- one or more non-transitory computer readable storage media; and
- processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by a processing system, direct the processing system to:
  - maintain asset configuration data for the plurality of computing assets, the asset configuration data comprising characteristics for each of the one or more computing assets;
  - in response to identifying a security incident in the computing environment, provide, for display, security incident information related to the security incident to an administrator associated with the computing environment;
  - identify a selection of a security action from the administrator;
  - identify one or more computing assets related to the security action;
  - identify configuration data for the one or more computing assets from the maintained asset configuration data;
  - identify one or more action procedures to support the action selection based on the identified configuration data; and
  - initiate implementation of the one or more action procedures in the one or more computing assets.
Specification