An increasing number of threats exist in the modern computerized society. These threats may include viruses or other malware that attack a local computer of an end user, or sophisticated cyber-attacks to gather data from or otherwise infiltrate a complex information technology (IT) environment. Such IT environments include real and virtual computing devices executing various applications used to provide a variety of services, such as data routing and storage, cloud processing, web sites and services, amongst other possible services. To protect applications and services, various antivirus, encryption, and firewall tools may be used across an array of computing devices and operating systems, such as Linux® and Microsoft Windows®.
IT environments may employ a variety of computing components with different hardware and software configurations to provide the desired operation. These computing components may include end user computing devices, host computing devices, virtual machines, switches, routers, and the like. However, as more computing components are added to an IT environment, those same components become available as targets of potential security threats or incidents. The increasing number computing components in combination with limited administrative personnel and resources can make it difficult to manage the investigation and remediation of potential threats. Even with ample administrators or analyst users, it can be cumbersome to coordinate the investigation and remediation efforts.