| CPC G06F 16/24561 (2019.01) [G06F 16/2448 (2019.01); G06F 16/24539 (2019.01); G06F 16/2471 (2019.01); H04L 63/1433 (2013.01)] | 33 Claims |
|
1. A method of operating a component, comprising:
generating a domain-specific language (DSL) query comprising an ordered set of data source-specific queries that comprises a set of chained data source-specific queries,
wherein the set of chained data source-specific queries comprises a first data source-specific query and a second data source-specific query that is configured to be executed after the first data source-specific query, with the second data source-specific query being chained to the first data source-specific query via a first field of the second data source-specific query that is linked to a first intermediate result of the first data source-specific query;
executing the DSL query to derive a set of results comprising a DSL query result associated with the set of chained data source-specific queries, and a set of intermediate results associated with the set of chained data source-specific queries;
reporting information associated with the set of results; and
scanning the set of intermediate results to detect an attack chain stage associated with an intrusion,
wherein the first data source-specific query is associated with a first data source and the second data source-specific query is associated with a second data source that is different than the first data source, and
wherein the first data source is a region and the second data source is a virtual private cloud, or the first data source is the virtual private cloud and the second data source is a private subnet, or the first data source is the private subnet and the second data source is a target group of instances.
|