Entities in a computing environment may be monitored to identify potential security issues. When a security issue is identified, a user may engage in additional monitoring or resolve the issue. However, as the number and/or the complexity of entities increases, it may become difficult or impossible to review each entity and act on every security event.
It is with respect to these and other general considerations that the aspects disclosed herein have been made. Also, although relatively specific problems may be discussed, it should be understood that the examples should not be limited to solving the specific problems identified in the background or elsewhere in this disclosure.