Incident response automation engine
Abstract
Systems, methods, and software described herein enhance how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
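The abstract and claims describe a translation step: a security action written once in a command language is mapped to per-asset procedures chosen from each asset's hardware and software characteristics. The following is an added illustration of that step, not code from the patent; the command syntax, the asset inventory and the procedure templates are all constructed here.

```python
import ipaddress

# Constructed inventory standing in for the "hardware and software
# characteristics" the advisement system would obtain for each asset.
ASSETS = {
    "web-01": {"os": "linux", "firewall": "iptables"},
    "db-01": {"os": "windows", "firewall": "netsh"},
    "edge-fw": {"os": "appliance", "firewall": "rest-api"},
}

# Procedure templates keyed by (verb, firewall type). A real engine would load
# these per platform; fixed strings keep the mapping visible.
TEMPLATES = {
    ("block", "iptables"): "iptables -I INPUT -s {ip} -j DROP",
    ("block", "netsh"): 'netsh advfirewall firewall add rule name="IR-{ip}" dir=in action=block remoteip={ip}',
    ("block", "rest-api"): 'POST /blocklist {{"ip": "{ip}"}}',
    ("isolate", "iptables"): "iptables -P INPUT DROP && iptables -P OUTPUT DROP",
    ("isolate", "netsh"): "netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound",
}

def parse_action(command):
    """Parse the hypothetical command language:
    'block <ip> on <asset>[,<asset>...]' or 'isolate <asset>[,<asset>...]'."""
    parts = command.split()
    if len(parts) == 4 and parts[0] == "block" and parts[2] == "on":
        ip = str(ipaddress.ip_address(parts[1]))  # rejects malformed addresses
        return {"verb": "block", "ip": ip, "assets": parts[3].split(",")}
    if len(parts) == 2 and parts[0] == "isolate":
        return {"verb": "isolate", "ip": None, "assets": parts[1].split(",")}
    raise ValueError(f"unrecognised security action: {command!r}")

def translate(action, inventory=ASSETS):
    """Map one parsed action to a procedure per asset, chosen from the asset's
    firewall characteristic. Unknown assets or unsupported combinations are
    reported rather than silently skipped, so the administrator sees the gap."""
    procedures, failures = [], []
    for asset in action["assets"]:
        info = inventory.get(asset)
        if info is None:
            failures.append((asset, "not in inventory"))
            continue
        template = TEMPLATES.get((action["verb"], info["firewall"]))
        if template is None:
            failures.append((asset, f"no {action['verb']} procedure for {info['firewall']}"))
            continue
        procedures.append((asset, template.format(ip=action["ip"])))
    return procedures, failures

def implement(command, inventory=ASSETS):
    """Full path: command language -> asset characteristics -> procedures."""
    return translate(parse_action(command), inventory)
```

The returned procedures are what the "initiating implementation" step would dispatch to each asset; the failure list is what should go back to the administrator before anything is executed.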
14 Claims
1. A method of operating a processing system of an advisement system to implement security actions for a computing environment comprising a plurality of computing assets, the method comprising:
providing security incident information to an administrator associated with the computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identifying a user generated security action in a command language for the computing environment;
identifying one or more computing assets related to the security action;
obtaining hardware and software characteristics for the one or more computing assets;
translating the security action in the command language to one or more action procedures based on the hardware and software characteristics; and
initiating implementation of the one or more action procedures in the one or more computing assets.
Dependent claims: 2, 3, 4, 5.

6. An apparatus to manage security actions for a computing environment comprising a plurality of computing assets, the apparatus comprising:
one or more non-transitory computer readable media; and
processing instructions stored on the one or more non-transitory computer readable media that, when executed by a processing system, direct the processing system to:
provide security incident information to an administrator associated with the computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identify a user generated security action in a command language for the computing environment;
identify one or more computing assets related to the security action;
obtain hardware and software characteristics for the one or more computing assets;
translate the security action in the command language to one or more action procedures based on the hardware and software characteristics; and
initiate implementation of the one or more action procedures in the one or more computing assets.
Dependent claims: 7, 8, 9.

10. A computing apparatus to manage security actions for a computing environment comprising a plurality of computing assets, the apparatus comprising:
one or more non-transitory computer readable media;
a processing system operatively coupled to the one or more non-transitory computer readable media; and
processing instructions stored on the one or more non-transitory computer readable media that, when executed by the processing system, direct the processing system to at least:
provide security incident information to an administrator associated with the computing environment, wherein the security incident information comprises asset identifiers for assets related to a security incident and enrichment information for the security incident obtained from internal or external sources;
in response to providing the security incident information, identify a user generated security action in a command language for the computing environment;
identify one or more computing assets related to the security action;
obtain hardware and software characteristics for the one or more computing assets;
translate the security action in the command language to one or more action procedures based on the hardware and software characteristics; and
initiate implementation of the one or more action procedures in the one or more computing assets.
Dependent claims: 11, 12, 13, 14.