CPC H04L 63/20 (2013.01) [G06F 9/451 (2018.02); G06F 9/54 (2013.01); G06F 16/245 (2019.01); H04L 9/0643 (2013.01); H04L 63/0281 (2013.01); H04L 63/0442 (2013.01)]
18 Claims
1. A computer-implemented method, comprising:
sending, by an information technology (IT) and security operations application running in a cloud provider network, and to an on-premises action execution agent running in an on-premises network that is external to the cloud provider network, an application programming interface (API) token associated with an account to be used by the on-premises action execution agent to interact with the IT and security operations application;
identifying, by the IT and security operations application, an incident involving one or more of a plurality of computing resources located in the on-premises network;
identifying an action to be executed to mitigate the incident, wherein executing the action includes causing a computing resource in the on-premises network to perform the action, and wherein an on-premises action execution agent running in the on-premises network causes the computing resource to perform the action using configuration information that enables the on-premises action execution agent to communicate with the computing resource; and
sending, to the on-premises action execution agent, a request to execute the action;
receiving, from the on-premises action execution agent, a response including results information based on executing the action, wherein the response includes the API token associated with the account;
authenticating, based on the API token, the request as being associated with the account; and
updating data associated with the incident based on the results information.
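The exchange recited in claim 1, sketched as an added example (not code from the patent or from any product): the cloud application issues an API token, the on-premises agent returns it with the action results, and the application authenticates the response before updating the incident. All class, field and account names are hypothetical, and storing only a SHA-256 digest of the token with a constant-time comparison is an assumption of this sketch, not something the claim specifies.

```python
import hashlib, hmac, secrets

class SecOpsApp:
    """Cloud-side IT and security operations application (hypothetical model)."""
    def __init__(self):
        self._token_hashes = {}  # account -> SHA-256 hex digest of its API token
        self.incidents = {}      # incident id -> incident record

    def issue_token(self, account):
        token = secrets.token_urlsafe(32)
        self._token_hashes[account] = hashlib.sha256(token.encode()).hexdigest()
        return token             # sent once to the on-premises agent

    def open_incident(self, incident_id, resource):
        self.incidents[incident_id] = {"resource": resource, "status": "open", "results": []}

    def build_action_request(self, incident_id, action):
        return {"incident_id": incident_id, "action": action,
                "resource": self.incidents[incident_id]["resource"]}

    def authenticate(self, token):
        digest = hashlib.sha256(token.encode()).hexdigest()
        matches = [a for a, h in self._token_hashes.items() if hmac.compare_digest(digest, h)]
        return matches[0] if matches else None

    def handle_response(self, response):
        account = self.authenticate(str(response.get("api_token", "")))
        incident = self.incidents.get(response.get("incident_id"))
        if account is None or incident is None:
            return False         # unauthenticated or unknown incident: no update
        results = response.get("results", {})
        incident["results"].append({"account": account, **results})  # token is not stored
        incident["status"] = "mitigated" if results.get("success") else "open"
        return True

class OnPremAgent:
    def __init__(self, api_token, resource_config):
        self.api_token, self.resource_config = api_token, resource_config

    def execute(self, request):
        ok = request["resource"] in self.resource_config  # stand-in for calling the resource
        return {"incident_id": request["incident_id"], "api_token": self.api_token,
                "results": {"action": request["action"], "success": ok}}

def demo():  # constructed sample data: account, resource and incident ids are made up
    app = SecOpsApp()
    agent = OnPremAgent(app.issue_token("acct-1"), {"fw-01": {"host": "192.0.2.10"}})
    app.open_incident("INC-1", "fw-01")
    resp = agent.execute(app.build_action_request("INC-1", "block_ip"))
    return app.handle_response(resp), app.handle_response(dict(resp, api_token="forged")), app.incidents["INC-1"]
```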