Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: The present disclosure relates generally to firewall configuration management, and, more specifically, to managing firewall configurations using dynamically generated block lists. A computer-implemented method includes adding an entry as a record in a block list entries table and associating the entry with a block list in a block list table and with an observable in an observables table. The method also includes activating the entry in the block list entries table to allow or block subsequent occurrences of the observable on a client network. The method further includes receiving a request for the block list from a firewall disposed on the client network and, in response, generating the block list from activated entries in the block list table and block list entries table and sending the block list to the firewall, wherein the firewall is configured to allow or block network traffic associated with the observable on the client network in accordance with the block list.

Abstract: An example embodiment performed by a scoped software application executable on a computing device of a computational instance of a remote network management platform may involve: requesting and receiving, from an application database associated with a third-party software application, alert rules that trigger alerts when associated events occur in a managed network; receiving data representing selection of a set of the alert rules and, based on the data, requesting and receiving, from the application database, a set of past alerts that have been triggered by the set of the alert rules; using mapping data to map fields of the set of the past alerts to fields of a sample security incident record; displaying a preview region including the sample security incident record; using the mapping data to create security incident records that map to the set of the past alerts; and writing, to a security incident database, the security incident records.

Abstract: The present disclosure relates generally to firewall configuration management, and, more specifically, to managing firewall configurations using dynamically generated block lists. A computer-implemented method includes adding an entry as a record in a block list entries table and associating the entry with a block list in a block list table and with an observable in an observables table. The method also includes activating the entry in the block list entries table to allow or block subsequent occurrences of the observable on a client network. The method further includes receiving a request for the block list from a firewall disposed on the client network and, in response, generating the block list from activated entries in the block list table and block list entries table and sending the block list to the firewall, wherein the firewall is configured to allow or block network traffic associated with the observable on the client network in accordance with the block list.

Abstract: A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one method, the method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one data element triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.

Abstract: A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one embodiment, a computer-implemented method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one of the plurality of data elements triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.