Translating security actions to action procedures in an advisement system
2 Assignments
0 Petitions
Abstract
Systems, methods, and software described herein enhance how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
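An added example, not code from the patent, of the translation step the abstract and claim 1 describe: one command-language action is mapped to a different action procedure per asset according to that asset's software characteristics, and the enrichment gathered for the target is consulted before anything is emitted. The command grammar, asset labels, tool names and enrichment values are all constructed for illustration.

```python
"""Translate a command-language security action into per-asset action
procedures, choosing each procedure from the asset's characteristics and
checking the enrichment for the target first (constructed example)."""
from dataclasses import dataclass


@dataclass
class Asset:
    asset_id: str
    os_family: str                   # "linux", "windows" or "other" (constructed labels)
    tools: frozenset = frozenset()   # packet-filter tooling present on the asset


def parse_action(command: str) -> tuple[str, str]:
    """Minimal command language: '<verb> <ip>' with the single verb 'block'."""
    parts = command.split()
    if len(parts) != 2 or parts[0] != "block":
        raise ValueError(f"unsupported action: {command!r}")
    return parts[0], parts[1]


def translate_action(command: str, assets: list, enrichment: dict) -> list:
    """Return (asset_id, procedure) pairs for every asset, or a single review
    step when enrichment marks the target as internal infrastructure."""
    verb, target = parse_action(command)
    if enrichment.get(target, {}).get("internal"):
        # Blocking an internal service from every asset is a self-inflicted
        # outage, so the translation stops and asks the administrator to confirm.
        return [("advisement", f"REVIEW: {target} is internal; confirm before {verb}")]
    procedures = []
    for asset in assets:
        if asset.os_family == "linux" and "nftables" in asset.tools:
            proc = f"nft add rule inet filter input ip saddr {target} drop"
        elif asset.os_family == "linux" and "iptables" in asset.tools:
            proc = f"iptables -I INPUT -s {target} -j DROP"
        elif asset.os_family == "windows":
            proc = (f'netsh advfirewall firewall add rule name="adv-{target}" '
                    f"dir=in action=block remoteip={target}")
        else:
            # No known enforcement point: surface the gap instead of guessing.
            proc = f"UNSUPPORTED: {verb} {target} on {asset.asset_id}"
        procedures.append((asset.asset_id, proc))
    return procedures
```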
Claims (30)
1. A method of operating a processing system of an advisement system to implement security actions for a computing environment comprising a plurality of computing assets, the method comprising:
providing security incident information to an administrator associated with the computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identifying a user generated security action in a command language for the computing environment;
obtaining enrichment information from one or more internal or external sources;
translating the security action in the command language to one or more action procedures based on the enrichment information; and
initiating implementation of the one or more action procedures in the one or more computing assets.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause performance of operations comprising:
providing security incident information to an administrator associated with a computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identifying a user generated security action in a command language for the computing environment;
obtaining enrichment information from one or more internal or external sources;
translating the security action in the command language to one or more action procedures based on the enrichment information; and
initiating implementation of the one or more action procedures in one or more computing assets.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. An apparatus, comprising:
one or more processors; a non-transitory computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the apparatus to:
provide security incident information to an administrator associated with a computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identify a user generated security action in a command language for the computing environment;
obtain enrichment information from one or more internal or external sources;
translate the security action in the command language to one or more action procedures based on the enrichment information; and
initiate implementation of the one or more action procedures in one or more computing assets.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30