Abstract: Techniques for generating a workflow diagram automatically from code are described herein. The diagram can be generated in real-time with code changes or as a batch-processing operation to generate drawings as documentation. An extent delineator is identified in the source code. Based on the location of that extent delineator, a determination is made that multiple lines of the source code share a relationship with one another. An extent is formed by grouping those lines together. An AST, which is based on the code, is accessed. Multiple AST nodes are identified. These nodes correspond to the extent. A flowchart is generated based on (i) the AST, (ii) the source code, and (iii) the extent delineator. One of the flowchart nodes commonly represents the multiple AST nodes corresponding to the extent. This flowchart node is annotated with text that generally describes that node's logic.

Abstract: Event-triggered forensics capture technologies balance security incident data availability against data processing and storage costs. A forensic correlation engine receives basic status data of a monitored computing system. A forensic computing system detects a trigger event in the basic status data, and starts capturing extended status data per a corresponding capture specification. Captured data is submitted to a forensic analysis tool. Different trigger events may cause different data captures. A query specifying which data to capture from a live stream or from virtual machines may operate as a capture trigger start event. Extended status data capture activity may be stopped by a change in the basic status data being received, by a timeout, or by forensic analysis that finds no vulnerability or threat based on captured data. Data transfers and storage may be restricted to comply with privacy regulations or policies.

Abstract: Disclosed herein is a system for generating and displaying information useful to help a security analyst understand a scale and a root cause of a potential security issue associated with a resource. The resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. The resource may be one that is under control of an entity operating a security operations center. Additionally or alternatively, the resource may be one that is configured to be monitored by the security operations center. The information provides the security analyst with a broader context of the potential security issue based on relationships between the potential security issues and other security issues. Consequently, the information enables the security analyst to implement more efficient and effective actions to handle the potential security issue.

Abstract: Disclosed herein is a system for generating and displaying information useful to help a security analyst understand a scale and a root cause of a potential security issue associated with a resource. The resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. The resource may be one that is under control of an entity operating a security operations center. Additionally or alternatively, the resource may be one that is configured to be monitored by the security operations center. The information provides the security analyst with a broader context of the potential security issue based on relationships between the potential security issues and other security issues. Consequently, the information enables the security analyst to implement more efficient and effective actions to handle the potential security issue.