US 12,271,385 B2
Observation stream engine in a security management system
Gueorgui Bonov Chkodrov, Redmond, WA (US); Ryan John Littlefield, Cheltenham (GB); Jeffrey Scott Shaw, Cheltenham (GB); Zane Alexander Coppedge, Sedona, AZ (US); Ying Qian, Bellevue, WA (US); Dan Alexandru Nicolescu, Bellevue, WA (US); Anitta M Miller, Bellevue, WA (US); Khoi Hong, Seattle, WA (US); and Justin Matthew Powell, Seattle, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Apr. 29, 2022, as Appl. No. 17/733,155.
Prior Publication US 2023/0350900 A1, Nov. 2, 2023
Int. Cl. G06F 16/00 (2019.01); G06F 16/21 (2019.01); G06F 16/2455 (2019.01); G06F 16/28 (2019.01)
CPC G06F 16/24568 (2019.01) [G06F 16/211 (2019.01); G06F 16/285 (2019.01)]
20 Claims
OG exemplary drawing (not reproduced here)

1. A computerized system comprising:
one or more computer processors; and
computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising:
accessing, at an observation stream engine, an observation stream query, wherein the observation stream query is a user-generated observation stream query, and wherein the observation stream query comprises parameters for querying a plurality of security data sources and performing dynamic tracking of a security incident;
causing execution of the observation stream query against the plurality of security data sources based on the parameters;
generating observation stream data associated with the observation stream query, wherein the observation stream data provides an observation stream timeline associated with dynamic tracking of the security incident based on the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data, wherein the user-defined interpretation data is generated based on a parameter from the observation stream query,
wherein generating the user-defined interpretation data comprises extracting a portion of raw observation stream data associated with monitoring the security incident across a plurality of computing resources to define the observation stream timeline; and
communicating the observation stream data to cause display of the observation stream data on an observation stream interface comprising graphical interface elements associated with the observation stream data.
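The claim above describes a data flow rather than an implementation: a user-supplied query names several security data sources and an incident to track, the engine runs the query against each source, merges the hits into a timestamp-ordered timeline, attaches interpretation data extracted from the raw events according to a query parameter, and hands the result to an interface. The following Python sketch is an added illustration of that flow and is not Microsoft's code or anything from the patent; the data sources, event fields, incident identifiers and timestamps are all constructed for the example.

```python
"""Toy observation-stream engine illustrating the claimed data flow.

Hypothetical illustration only: the source names, event schema and sample
events below are constructed for this example and do not come from the patent.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ObservationQuery:
    """User-generated query: which sources to search, which incident to track,
    which raw fields to surface as interpretation data, and an optional lower
    time bound for dynamic (ongoing) tracking."""
    sources: tuple[str, ...]
    incident_id: str
    interpretation_fields: tuple[str, ...]
    since: datetime | None = None


# Constructed sample data standing in for three security data sources.
SECURITY_SOURCES: dict[str, list[dict[str, str]]] = {
    "endpoint": [
        {"ts": "2024-05-01T10:02:00Z", "incident": "INC-1", "host": "ws-17",
         "action": "process_start", "detail": "unexpected scheduled task created"},
        {"ts": "2024-05-01T09:58:00Z", "incident": "INC-2", "host": "ws-03",
         "action": "process_start", "detail": "unrelated event, other incident"},
    ],
    "identity": [
        {"ts": "2024-05-01T09:55:30Z", "incident": "INC-1", "user": "alice",
         "action": "signin_failure", "detail": "5 failed sign-ins in 2 minutes"},
        {"ts": "2024-05-01T10:00:10Z", "incident": "INC-1", "user": "alice",
         "action": "signin_success", "detail": "sign-in from previously unseen location"},
    ],
    "firewall": [
        {"ts": "2024-05-01T10:05:45Z", "incident": "INC-1", "host": "ws-17",
         "action": "outbound_blocked", "detail": "connection to unapproved destination blocked"},
    ],
}


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def execute_query(query: ObservationQuery, sources=SECURITY_SOURCES):
    """Run the query against each named source; yield (timestamp, source, raw event)."""
    hits = []
    for name in query.sources:
        for event in sources.get(name, []):
            if event["incident"] != query.incident_id:
                continue
            ts = parse_ts(event["ts"])
            if query.since is not None and ts < query.since:
                continue
            hits.append((ts, name, event))
    return hits


def interpret(event: dict[str, str], fields: tuple[str, ...]) -> dict[str, str]:
    """User-defined interpretation: extract only the raw fields the query asked for."""
    return {f: event[f] for f in fields if f in event}


def build_timeline(query: ObservationQuery, sources=SECURITY_SOURCES) -> list[dict]:
    """Merge hits from all sources into one timestamp-ordered timeline."""
    hits = execute_query(query, sources)
    hits.sort(key=lambda h: (h[0], h[1]))  # chronological; source name breaks ties
    return [
        {"timestamp": ts.isoformat(), "source": src, "incident": query.incident_id,
         "interpretation": interpret(event, query.interpretation_fields)}
        for ts, src, event in hits
    ]


def build_display_payload(query: ObservationQuery, sources=SECURITY_SOURCES) -> dict:
    """Package the timeline plus summary fields for an observation stream interface."""
    timeline = build_timeline(query, sources)
    return {
        "timeline": timeline,
        "summary": {
            "count": len(timeline),
            "sources": sorted({e["source"] for e in timeline}),
            "first_seen": timeline[0]["timestamp"] if timeline else None,
            "last_seen": timeline[-1]["timestamp"] if timeline else None,
        },
    }


if __name__ == "__main__":
    q = ObservationQuery(("identity", "endpoint", "firewall"), "INC-1",
                         ("action", "detail", "host", "user"))
    for entry in build_timeline(q):
        print(entry["timestamp"], entry["source"], entry["interpretation"])
```

Re-running the same query with a later `since` bound is the "dynamic tracking" part of the claim: the engine only returns events newer than the last refresh, and the interface appends them to the existing timeline.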