Geo-mapping system security events
Abstract
A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.
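The flow the abstract describes can be sketched as follows. This is an added example, not code from the patent; the asset groupings, the CIDR-to-location table (a stand-in for a geolocation database) and all function names are constructed assumptions. Sources inside a defined asset grouping become elements placed outside the map, and sources that resolve to a location become elements overlaid on it.

```python
import ipaddress

# Constructed sample data: logical asset groupings of the monitored system
ASSET_GROUPS = {
    "Web servers": ["10.1.0.0/24"],
    "Finance workstations": ["10.2.0.0/24"],
}
# Constructed stand-in for a geolocation database (documentation ranges)
GEO_TABLE = {
    "203.0.113.0/24": {"label": "Example City A", "lat": 52.5, "lon": 13.4},
    "198.51.100.0/24": {"label": "Example City B", "lat": 35.7, "lon": 139.7},
}

def _match(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def asset_group(ip):
    """Return the name of the asset grouping containing ip, or None."""
    for name, cidrs in ASSET_GROUPS.items():
        if _match(ip, cidrs):
            return name
    return None

def locate(ip):
    """Associate an address with an asset grouping first, then a location."""
    group = asset_group(ip)
    if group:
        return {"kind": "group", "label": group, "placement": "outside_map"}
    for cidr, loc in GEO_TABLE.items():
        if _match(ip, [cidr]):
            return {"kind": "geo", "placement": "on_map", **loc}
    # Unresolvable sources still need an element so the event is not dropped
    return {"kind": "unknown", "label": "Unlocated", "placement": "outside_map"}

def render_data(event):
    """Build display data for one event: target element, source element, link."""
    target_group = asset_group(event["dst"])
    if target_group is None:
        raise ValueError(f"target {event['dst']} is not in any asset grouping")
    target = {"kind": "group", "label": target_group, "placement": "outside_map"}
    return {"event": event["name"], "source": locate(event["src"]), "target": target}

EVENTS = [  # constructed sample events
    {"name": "SQL injection attempt", "src": "203.0.113.7", "dst": "10.1.0.12"},
    {"name": "Internal port scan", "src": "10.2.0.5", "dst": "10.1.0.12"},
]
for e in EVENTS:
    print(render_data(e))
```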
22 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
- identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
- identify a source of the particular security event, wherein the source is associated with at least one second computing device;
- associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
- generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation to include:
  - a first graphical element to represent the particular grouping of network assets in which the particular computing device is included, and
  - a second graphical element to represent the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings,
  wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
20. A method comprising:
- identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
- identifying that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
- identifying a source of the particular security event, wherein the source is associated with at least one second computing device;
- associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
- generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including:
  - a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and
  - a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings,
  wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
21. A system comprising:
- at least one processor device;
- at least one memory element; and
- a geo-mapping engine, adapted when executed by the at least one processor device to:
  - identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  - identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
  - identify a source of the particular security event, wherein the source is associated with at least one second computing device;
  - associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  - generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including:
    - a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and
    - a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings,
    wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
22. A method comprising:
- identifying a particular security event detected in a particular computing system, the particular security event detected as involving a particular computing device included in the particular computing system and targeting at least one second computing device outside the computing system;
- identifying that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
- associating the second computing device with a geographic location; and
- generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including:
  - a first graphical element representing the particular grouping of network assets as a source of the particular security event based on inclusion of the particular computing device in the particular grouping of network assets, and
  - a second graphical element representing the second computing device associated with the geographic location and overlaid on a portion of a representation of a geographical map corresponding to the geographic location,
  wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing a respective grouping of assets are presented outside the view of the geographic map.
Specification