Integrating security policy and event management
Abstract
A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security events to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.
21 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
- present a first representation of the plurality of security events in an interactive graphical user interface, wherein the first representation of the plurality of security events includes a plurality of selectable event elements, each event element representing at least one security event in the plurality of security events;
- receive, via the interactive graphical user interface, a user selection of a particular event element presented in the first representation;
- identify a subset of the plurality of security policies, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element; and
- present, in the interactive graphical user interface, based on the user selection, a listing of the subset of security policies based on the user selection of the particular event element.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A method comprising:
- identifying a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
- presenting a first representation of the plurality of security events in an interactive graphical user interface, wherein the first representation of the plurality of security events includes a plurality of selectable event elements, each event element representing at least one security event in the plurality of security events;
- receiving, via the interactive graphical user interface, a user selection of a particular event element presented in the first representation;
- identifying a subset of the plurality of security policies, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element; and
- presenting, in the interactive graphical user interface, based on the user selection, a listing of the subset of security policies based on the user selection of the particular event element.
21. A system comprising:
- at least one processor device;
- at least one memory element; and
- a security event user interface engine, comprising logic when executed by the at least one processor device to:
  - identify a plurality of security events detected in a computing system, each security event in the plurality of security events based on at least one policy in a plurality of security policies defined for the computing system;
  - present a first representation of at least a portion of the plurality of security policies in an interactive graphical user interface, wherein the first representation of the portion of security policies includes a plurality of selectable policy elements, each policy element representing at least one security policy in the plurality of security policies;
  - receive, via the interactive graphical user interface, a user selection of a particular policy element presented in the first representation;
  - identify a subset of the plurality of security events, each security event in the subset based at least in part on at least one particular security policy represented by the particular policy element; and
  - present, in the interactive graphical user interface, based on the user selection, a listing of the subset of the plurality of security events based on the user selection of the particular policy element.
Specification