AUTOMATED RESPONSES TO SECURITY THREATS
Abstract
Systems, methods, and software described herein provide security actions to computing assets of a computing environment. In one example, a method of operating an advisement system to manage security actions for a computing environment includes identifying a security incident for an asset in the environment, and obtaining enrichment information about the security incident. The method further includes identifying a rule set based on the enrichment information, identifying an action response based on the rule set, and initiating implementation of the action response in the computing environment.
20 Claims
1. A method of operating an advisement system to provide default security actions in a computing environment, the method comprising:
- identifying a security incident for an asset in the computing environment;
- in response to identifying the security incident, identifying enrichment information about the security incident;
- determining a rule set for the security incident based on the enrichment information;
- identifying an action response for the security incident based on the rule set; and
- initiating implementation of the action response for the security incident in the computing environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer readable storage medium having instructions stored thereon, that when executed by an advisement computing system, direct the advisement computing system to perform a method of providing default security actions in a computing environment comprising a plurality of assets, the method comprising:
- identifying a security incident for an asset in the computing environment;
- in response to identifying the security incident, identifying enrichment information about the security incident;
- determining a rule set for the security incident based on the enrichment information;
- identifying an action response for the security incident based on the rule set; and
- initiating implementation of the action response for the security incident in the computing environment.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. An advisement system to manage security actions in a computing environment, the advisement system comprising:
- a communication interface configured to:
  - receive a security incident for an asset in the computing environment;
- a processing system, communicatively coupled to the communication interface, configured to:
  - determine a rule set for the security incident based on the enrichment information;
  - identify an action response for the security incident based on the rule set; and
  - initiate implementation of the action response for the security incident in the computing environment.
Dependent claims: 20