Distributive Security Investigation
First Claim
1. A method comprising:
identifying a first security issue;
creating a first request comprising at least one asset identifier, said asset identifier referring to an asset related to said first security issue;
transmitting said first request to a plurality of devices;
receiving at least one response from at least one of said plurality of devices, said response comprising data relating to said first request;
creating a case object; and
storing at least a portion of said data in said case object.
Abstract
A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
20 Claims
1. A method comprising: (independent claim, reproduced in full under First Claim above; claims 2 through 13 depend on it)
14. A system comprising:
a database comprising security states for each of a plurality of monitored devices;
a monitoring system configured to receive security alerts relating to one or more of said plurality of monitored devices;
a case management system comprising;
a request generation system configured to generate a request based on at least one of said security alerts, said request comprising an asset identifier;
a transmission system configured to transmit said request to a plurality of devices;
a response reception system configured to receive a response from at least one of said plurality of devices; and
an analysis system configured to store at least a portion of said response in a case object.
(Claims 15, 16 and 17 depend on claim 14.)

18. A computer readable storage medium comprising computer executable instructions configured to perform a method comprising:
receiving a selection of a first security issue from a plurality of security issues;
create a first case object;
creating a first request comprising at least one asset identifier, said asset identifier referring to an asset related to said first security issue;
transmitting said first request to a plurality of devices;
receiving at least one response from at least one of said plurality of devices, said response comprising data relating to said first request;
storing at least a portion of said data in said case object; and
presenting at least a portion of said first case object on a user interface.
(Claims 19 and 20 depend on claim 18.)
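The request/response/case-object flow described in the abstract and in claims 1, 14 and 18, as an added illustration that is not code from the patent or its assignee. It assumes the asset identifier is an IP address, that each agent searches an in-memory list of constructed log lines, and that "sanitizing" the case means masking `user=` fields before the evidence is shared with analysts.

```python
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    issue_id: str   # the security issue being investigated
    asset_id: str   # asset identifier carried in the request (assumed: an IP)


@dataclass
class Response:
    device: str     # which device (agent) answered
    matches: list   # log lines on that device that mention the asset


@dataclass
class CaseObject:
    issue_id: str
    asset_id: str
    evidence: dict = field(default_factory=dict)  # device -> matched lines

    def store(self, resp):
        """Keep the portion of the response that relates to the request."""
        self.evidence.setdefault(resp.device, []).extend(resp.matches)

    def sanitized(self):
        """Copy of the evidence with usernames masked for wider analysis."""
        pat = re.compile(r"user=\S+")
        return {d: [pat.sub("user=<redacted>", m) for m in lines]
                for d, lines in self.evidence.items()}


class Agent:
    """Per-device agent: receives a request, searches its logs, answers."""
    def __init__(self, device, log_lines):
        self.device, self.log_lines = device, log_lines

    def handle(self, req):
        hits = [ln for ln in self.log_lines if req.asset_id in ln]
        return Response(self.device, hits) if hits else None


def investigate(req, agents):
    """Central server: fan the request out, collect answers into a case."""
    case = CaseObject(req.issue_id, req.asset_id)
    for agent in agents:
        resp = agent.handle(req)
        if resp is not None:
            case.store(resp)
    return case


# Constructed sample logs for three hypothetical devices (not real data).
LOGS = {
    "auth-server": ["2024-03-01T10:00:01 sshd login ok user=alice src=10.0.0.7",
                    "2024-03-01T10:00:05 sshd login ok user=bob src=10.0.0.9"],
    "proxy": ["2024-03-01T10:02:00 GET http://example.invalid/x src=10.0.0.7 user=alice"],
    "dhcp": ["2024-03-01T09:58:00 lease 10.0.0.9 mac=aa:bb:cc:dd:ee:ff"],
}
AGENTS = [Agent(dev, lines) for dev, lines in LOGS.items()]
```

Running `investigate(Request("ISSUE-42", "10.0.0.7"), AGENTS)` yields a case holding one line from `auth-server` and one from `proxy`, and `.sanitized()` returns the same lines with `user=alice` masked.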