-
Publication number: US10693898B2
Publication date: 2020-06-23
Application number: US15885485
Application date: 2018-01-31
Applicant: Splunk, Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
IPC: H04L29/06
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. The server group includes an indexer server and a model management server. Source data at the server group is received from at least one of the one or more source network nodes. A model management server detects data constraints for a security model. The data constraints include a data element used by the security model and an availability requirement set. Using the timestamped entries, the data constraints are validated to obtain a validation result. The model management server determines a data availability assessment of the security model based on the validation result. The data availability assessment of the security model is stored in computer storage.
-
Publication number: US11777974B2
Publication date: 2023-10-03
Application number: US17680240
Application date: 2022-02-24
Applicant: Splunk Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
CPC classification number: H04L63/1425, H04L63/08, H04L63/1408, H04L63/1433, H04L2463/121
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped data entries of machine data. A model management server detects data constraints for a security model that include a data element used by the security model and an availability requirement set. Using the timestamped data entries, the data constraints are validated, and the validation used to determine a data availability assessment of the security model.
-
Publication number: US20200259854A1
Publication date: 2020-08-13
Application number: US16861031
Application date: 2020-04-28
Applicant: Splunk Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
IPC: H04L29/06
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. The server group includes an indexer server and a model management server. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. The data constraints include a data element used by the security model and an availability requirement set, the availability requirement set defining when the data element is available. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result. The data availability assessment of the security model is stored in computer storage.
-
Publication number: US20220247770A1
Publication date: 2022-08-04
Application number: US17680240
Application date: 2022-02-24
Applicant: Splunk Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
IPC: H04L9/40
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped data entries of machine data. A model management server detects data constraints for a security model that include a data element used by the security model and an availability requirement set. Using the timestamped data entries, the data constraints are validated, and the validation used to determine a data availability assessment of the security model.
-
Publication number: US11297087B2
Publication date: 2022-04-05
Application number: US16861031
Application date: 2020-04-28
Applicant: Splunk Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
IPC: H04L29/06
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result.
-
Publication number: US20190238574A1
Publication date: 2019-08-01
Application number: US15885485
Application date: 2018-01-31
Applicant: Splunk, Inc.
Inventor: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. The server group includes an indexer server and a model management server. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. The data constraints include a data element used by the security model and an availability requirement set, the availability requirement set defining when the data element is available. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result. The data availability assessment of the security model is stored in computer storage.