Browse Prior Art Database

CONTEXT AWARE WORKFLOW PIVOT

IP.com Disclosure Number: IPCOM000250457D
Publication Date: 2017-Jul-19
Document File: 3 page(s) / 375K

Publishing Venue

The IP.com Prior Art Database

Related People

Wayne McDilda: AUTHOR [+5]

Abstract

A browser plugin is provided that searches a web page for security content (e.g., Internet Protocol address, email address, etc.) and highlights the text. The user selects the workflow and the highlighted information is sent to the next tool in the workflow creating the pivot.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

CONTEXT AWARE WORKFLOW PIVOT

AUTHORS: Wayne McDilda

Randy Jones Mike Holloway

Dale Clark Theodore Gates

CISCO SYSTEMS, INC.

ABSTRACT

A browser plugin is provided that searches a web page for security content (e.g.,

Internet Protocol address, email address, etc.) and highlights the text. The user selects the

workflow and the highlighted information is sent to the next tool in the workflow creating

the pivot.

DETAILED DESCRIPTION

In security operations centers, operators use many tools on a daily basis. These tools

do not identify context, provide workflow, or share data. Furthermore, the operator is not

made aware of tools available for purchase that could be useful. As such, techniques are

provided that highlight important information, permit sharing data with other installed and

available tools, and pivot (send) the relevant information to the appropriate tool. This

consolidates the security tools experience based on how a user utilizes the data.

A solution is presented herein in the form of a virtual heads-up display for accessing

the appropriate security tool for the activity in which the user is engaged. By providing a

simple overlay consistent with any webpage, the security related terms (e.g., Internet

Protocol (IP) addresses, domain names, email addresses, etc.) may be identified, thus

providing intuitive workflow assistance and data integration. This enables adding

workflow entries to the overlay.

These techniques may be implemented as a Firefox® plugin written in JavaScript®.

A pattern matching plugin may be used to examine data on a page for security related

information (e.g., IP address, Domain Name Server (DNS) name, email address, Uniform

Resource Locator (URL), domain name, file hash, etc.). This information may be

Copyright 2017 Cisco Systems, Inc. 2

automatically highlighted to bring to the attention of the user. The user may select the

highlighted information, prompting a pop-up list of elements. The user may select an

element, and a list of context aware workflows may be presented. The workflow action that

may be taken for the corresponding piece of information may be presented (e.g. “What is

the location of the highlighted IP address in the physical world?”).

A set of unique hyperlinks to the user-installed security tools may be provided.

When the tool is selected, the highlighted information may be sent to the appropriate link

and the data is acted on (e.g., by looking up the highlig...