US Patent Application 17733155. OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM simplified abstract

From WikiPatents

OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM

Organization Name

MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor(s)

Gueorgui Bonov Chkodrov of Redmond WA (US)

Ryan John Littlefield of Cheltenham (GB)

Jeffrey Scott Shaw of Cheltenham (GB)

Zane Alexander Coppedge of Sedona AZ (US)

Ying Qian of Bellevue WA (US)

Dan Alexandru Nicolescu of Bellevue WA (US)

Anitta M Miller of Bellevue WA (US)

Khoi Hong of Seattle WA (US)

Justin Matthew Powell of Seattle WA (US)

OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM - A simplified explanation of the abstract

This abstract first appeared for US patent application 17733155 titled 'OBSERVATION STREAM ENGINE IN A SECURITY MANAGEMENT SYSTEM'.

Simplified Explanation

- This patent application describes a method, system, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system.
- The observation stream framework continuously generates and presents observation stream data to help develop a working hypothesis of an active security incident.
- The framework includes observation stream query-types that can be used to run queries against multiple security data sources.
- Users can access and execute observation stream queries, which are user-generated queries associated with specific query-types.
- The observation stream query-type includes parameters for querying security data sources and dynamically tracking a security incident.
- When an observation stream query is executed, observation stream data is generated.
- The observation stream data is then displayed on an observation stream interface, which includes data visualizations of the observation stream data.


Original Abstract Submitted

Methods, systems, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system. An observation stream framework supports continuously generating and presenting observation stream data that facilitates developing a working hypothesis of an active security incident. The observation stream framework can also include observation stream query-types that can be selected for running queries against a plurality of security data sources. In operation, an observation stream query is accessed. The observation stream query is a user-generated observation stream query associated with an observation stream query-type. The observation stream query-type comprises parameters for querying a plurality of security data sources and dynamic tracking of a security incident. The observation stream query is executed and observation stream data is generated. The observation stream data is caused to be displayed on an observation stream interface comprising data visualizations of the observation stream data.
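As an added illustration (not code from the patent application or from Microsoft), the following Python sketch models the flow that both the simplified explanation and the abstract describe: a query-type that names its data sources and a tracking parameter, a user-generated query bound to that type, and an execution step that yields observation stream data incrementally so that repeated runs keep extending the stream rather than repeating it. All class names, the "user" tracking field, the watermark mechanism and the sample records are constructed assumptions.

```python
from dataclasses import dataclass
# Constructed sample records standing in for the "plurality of security data sources".
DATA_SOURCES = {
    "signin": [
        {"ts": 1, "user": "alice", "ip": "203.0.113.7", "result": "fail"},
        {"ts": 2, "user": "alice", "ip": "203.0.113.7", "result": "fail"},
        {"ts": 3, "user": "alice", "ip": "203.0.113.7", "result": "success"},
        {"ts": 7, "user": "bob", "ip": "198.51.100.2", "result": "success"},
    ],
    "process": [{"ts": 4, "user": "alice", "host": "ws01", "proc": "powershell.exe"}],
}

@dataclass
class QueryType:
    """Query-type: which sources to query and which field ties records to the incident."""
    name: str
    sources: tuple
    track_field: str  # hypothetical tracking parameter, e.g. "user"

@dataclass
class ObservationQuery:
    """User-generated query bound to a query-type and to one concrete incident value."""
    query_type: QueryType
    track_value: str  # e.g. the account at the centre of the incident
    watermark: int = 0  # last timestamp seen; later runs only add newer events

    def execute(self, data_sources):
        """Return observation stream data newer than the watermark, oldest first."""
        qt = self.query_type
        new = [{"source": src, **rec}
               for src in qt.sources for rec in data_sources.get(src, [])
               if rec[qt.track_field] == self.track_value and rec["ts"] > self.watermark]
        new.sort(key=lambda r: r["ts"])
        if new:
            self.watermark = new[-1]["ts"]  # advance so the stream is continuous, not repeated
        return new

def summarize(stream):
    """Stand-in for the interface's data visualization: observation counts per source."""
    counts = {}
    for rec in stream:
        counts[rec["source"]] = counts.get(rec["source"], 0) + 1
    return counts

def demo():
    """Run one query twice; the second run yields only the event that arrived in between."""
    sources = {k: list(v) for k, v in DATA_SOURCES.items()}
    q = ObservationQuery(QueryType("user-activity", ("signin", "process"), "user"), "alice")
    first = q.execute(sources)
    sources["process"].append({"ts": 12, "user": "alice", "host": "ws01", "proc": "cmd.exe"})
    return summarize(first), summarize(q.execute(sources))
```

The per-source counts returned by `demo()` are what an observation stream interface would chart; the watermark is one simple way to realise the "continuously generating" behaviour the abstract claims.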