Security threat mechanisms in computing systems may use a variety of techniques for detecting potential security threats. Some techniques may include comparing the communications traffic of the computing system to one or more digital signatures that are indicative of known security threats. Other operational characteristics of the computing systems can also be monitored to assist in detecting potential security threats. However, when a computing system detects operational characteristics that exceed normal operational characteristics and that do not match patterns that are indicative of a known security threat, the computing system may have to cease operations, e.g., providing services to users, until one or more human resources evaluate the anomalous operational characteristics detected by the computing system.
What is needed is a method and system for correlating data or patterns from computing systems or virtual assets with external events to provide additional explanations for deviations in normal operating characteristics.