Geo-mapping system security events
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
identify a source of the particular security event, wherein the source is associated with at least one second computing device;
associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation to include;
a first graphical element to represent the particular grouping of network assets in which the particular computing device is included, and a second graphical element to represent the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
9 Assignments
0 Petitions
Accused Products
Abstract
A source of the particular security event is identified that is associated with at least one second computing device, at least one of a geographic location, and a grouping of assets included in the plurality of asset groupings. A graphical representation of the particular security event is presented on a display device that includes: a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with one of a geographic location and a particular grouping of assets. Graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
30 Citations
21 Claims
-
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system; identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system; identify a source of the particular security event, wherein the source is associated with at least one second computing device; associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation to include;
a first graphical element to represent the particular grouping of network assets in which the particular computing device is included, and a second graphical element to represent the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system; identifying that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system; identifying a source of the particular security event, wherein the source is associated with at least one second computing device; associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
-
-
21. A system comprising:
-
at least one processor device; at least one memory element; and a geo-mapping engine, adapted when executed by the at least one processor device to; identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system; identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system; identify a source of the particular security event, wherein the source is associated with at least one second computing device; associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
-
Specification