Information technology (IT) environments often employ various computing components, both physical and virtual, to provide desired operations. These computing elements may include end user computing devices, host computing devices, containers, virtual machines, switches, routers, firewalls, and the like. To maintain efficient and effective operations of the IT environment, incident response services may be employed that can respond to various incidents within the IT environment. These incidents may include or be associated with viruses, malware, spyware, denial of service attacks, phishing attacks, server crashes, device failures, power outages, unknown communications, or some other similar incident.
However, while incident response services provide response operations to incidents within the IT environment, difficulties arise as the size and complexity of the IT environment increase. These difficulties are often compounded when the new computing components provide different operations and are configured with varying hardware and software configurations. Further, the increasing number of computing components, in combination with limited administrative personnel and resources, can make it difficult to manage the investigation and remediation of incidents in the environment. Even with ample administrators or analyst users, it can be cumbersome to coordinate the investigation and remediation efforts.
Overview
The technology described herein improves incident response for an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. Once identified, the incident service may identify traits of the steps that comprise the course of action and determine credential requirements based on the traits. The incident service may further generate a request to obtain credentials to accommodate the credential requirements and execute the course of action.
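The flow described above, sketched as an added example that is not part of the original text: step traits are reduced to one least-privilege credential requirement per component, and a request is generated only for what is not already held. The trait names, the privilege levels, the action-to-privilege mapping and the sample course of action are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Privilege ordering, lowest to highest (assumed for this example).
LEVELS = ("read", "write", "admin")

@dataclass(frozen=True)
class Step:
    name: str
    asset: str   # trait: the component the step acts on
    action: str  # trait: what the step does on that component

# Hypothetical mapping from an action trait to the least privilege it needs.
ACTION_PRIVILEGE = {
    "query_logs": "read",
    "block_ip": "write",
    "quarantine_host": "admin",
}

def credential_requirements(course):
    """One requirement per asset: the highest privilege any step needs there."""
    needed = {}
    for step in course:
        if step.action not in ACTION_PRIVILEGE:
            # Fail closed: an unmapped action must not run on a guessed privilege.
            raise ValueError(f"no privilege mapping for action {step.action!r}")
        level = ACTION_PRIVILEGE[step.action]
        current = needed.get(step.asset)
        if current is None or LEVELS.index(level) > LEVELS.index(current):
            needed[step.asset] = level
    return needed

def credential_request(course, held):
    """Requirements not met by `held` (asset -> privilege already available)."""
    request = {}
    for asset, level in credential_requirements(course).items():
        have = held.get(asset)
        if have is None or LEVELS.index(have) < LEVELS.index(level):
            request[asset] = level
    return request

# Constructed sample: a course of action for a phishing incident.
COURSE = [
    Step("find related mail", "mail-gateway", "query_logs"),
    Step("block sender address", "firewall", "block_ip"),
    Step("review firewall hits", "firewall", "query_logs"),
    Step("isolate workstation", "edr", "quarantine_host"),
]
# Constructed sample: credentials the incident service already holds.
HELD = {"mail-gateway": "read", "firewall": "read"}
```

Calling `credential_request(COURSE, HELD)` on the sample asks for write access on the firewall and admin access on the EDR component, and nothing for the mail gateway, whose held read credential already covers its only step.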