The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
The vast majority of organizations today rely on computer networks for an increasingly wide variety of business operations. As the reliance on computer networks has grown, so too has the importance of securing those networks against internal and external threats. To monitor and address such threats, organizations increasingly rely on security information and event management (SIEM) software and other applications to protect their networks.
A conventional network security application generally may provide a number of graphical user interfaces that present information about data generated by the network devices and applications that comprise a particular computer network. Tasked with investigating one or more particular security incidents, a network security analyst typically may review and collect information from any number of the provided interfaces and other data sources over the course of an investigation. To gather and cross-reference the information collected from these disparate sources, analysts may often use a cumbersome assortment of third-party applications (e.g., text editors, word processors, email clients, etc.), and even pen and paper, in an attempt to understand the nature of particular network security incidents. Using such applications to conduct security investigations often produces an inconsistent investigation report that is difficult to understand and share with others.