Patent · US Active

Observation stream engine in a security management system

US12271385B2 · kind B2 · utility

Cited by: 0
References: 14
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 29, 2022
Grant date: Apr 8, 2025
Priority date
Expiry date: Nov 14, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04W12/12
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Methods, systems, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system. An observation stream framework supports continuously generating and presenting observation stream data that facilitates developing a working hypothesis of an active security incident. The observation stream framework can also include observation stream query-types that can be selected for running queries against a plurality of security data sources. In operation, an observation stream query is accessed. The observation stream query is a user-generated observation stream query associated with an observation stream query-type. The observation stream query-type comprises parameters for querying a plurality of security data sources and dynamic tracking of a security incident. The observation stream query is executed and observation stream data is generated. The observation stream data is caused to be displayed on an observation stream interface comprising data visualizations of the observation stream data.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.