US Patent Application 17733155. OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM simplified abstract
OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM
Organization Name
MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor(s)
Gueorgui Bonov Chkodrov of Redmond WA (US)
Ryan John Littlefield of Cheltenham (GB)
Jeffrey Scott Shaw of Cheltenham (GB)
Zane Alexander Coppedge of Sedona AZ (US)
Dan Alexandru Nicolescu of Bellevue WA (US)
Anitta M Miller of Bellevue WA (US)
Justin Matthew Powell of Seattle WA (US)
OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM - A simplified explanation of the abstract
This abstract first appeared for US patent application 17733155 titled 'OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM'.
Simplified Explanation
- This patent application describes a method, system, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system.
- The observation stream framework continuously generates and presents observation stream data to help develop a working hypothesis of an active security incident.
- The framework includes observation stream query-types that can be used to run queries against multiple security data sources.
- Users can access and execute observation stream queries, which are user-generated queries associated with specific query-types.
- The observation stream query-type includes parameters for querying security data sources and dynamically tracking a security incident.
- When an observation stream query is executed, observation stream data is generated.
- The observation stream data is then displayed on an observation stream interface, which includes data visualizations of the observation stream data.
Original Abstract Submitted
Methods, systems, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system. An observation stream framework supports continuously generating and presenting observation stream data that facilitates developing a working hypothesis of an active security incident. The observation stream framework can also include observation stream query-types that can be selected for running queries against a plurality of security data sources. In operation, an observation stream query is accessed. The observation stream query is a user-generated observation stream query associated with an observation stream query-type. The observation stream query-type comprises parameters for querying a plurality of security data sources and dynamic tracking of a security incident. The observation stream query is executed and observation stream data is generated. The observation stream data is caused to be displayed on an observation stream interface comprising data visualizations of the observation stream data.
- MICROSOFT TECHNOLOGY LICENSING, LLC
- Gueorgui Bonov Chkodrov of Redmond WA (US)
- Ryan John Littlefield of Cheltenham (GB)
- Jeffrey Scott Shaw of Cheltenham (GB)
- Zane Alexander Coppedge of Sedona AZ (US)
- Ying Qian of Bellevue WA (US)
- Dan Alexandru Nicolescu of Bellevue WA (US)
- Anitta M Miller of Bellevue WA (US)
- Khoi Hong of Seattle WA (US)
- Justin Matthew Powell of Seattle WA (US)
- G06F16/2455
- G06F16/21
- G06F16/28