Managing workflows upon a security incident

  • US 9,871,818 B2
  • Filed: 04/17/2015
  • Issued: 01/16/2018
  • Est. Priority Date: 12/03/2014
  • Status: Active Grant
First Claim

1. A method of managing service level agreements (SLAs) for security incidents in a computing environment, the method comprising:

  • identifying a rule set for a security incident of the security incidents based on enrichment information obtained for the security incident, wherein the rule set is associated with one or more action recommendations to be taken against the security incident;

  • identifying a default SLA for the security incident based on the rule set, wherein the default SLA comprises a default hierarchy of administrators for the security incident and a default set of one or more time periods for administrator security actions;

  • obtaining environmental characteristics related to the security incident, wherein the environmental characteristics comprise at least a criticality rating of an asset associated with the security incident;

  • determining a modified SLA for the security incident based on the environmental characteristics, wherein the modified SLA comprises a second hierarchy of administrators for the security incident and a second set of one or more time periods for administrator security actions;

  • providing the one or more security actions to administrators based on the modified SLA; and

  • obtaining input from at least one administrator, wherein the input comprises:

      • an action selection of the one or more security actions; or

      • feedback regarding the one or more action recommendations, wherein the feedback comprises modifying the one or more action recommendations, removing an action recommendation from the one or more action recommendations, or deferring action selection to another administrator.
