Microsoft Corporation
Secure incident investigation event capture

Abstract:

A secure investigation platform in a sovereign cloud includes a request processing system that receives requests to investigate an incident. A control message processing system creates a workspace, within the sovereign cloud, so that an investigation can be conducted within that workspace. The control message processing system performs investigation tasks within the workspace. A secure log generation system captures information corresponding to the tasks and generates an event record based on the captured information.