公开(公告)号：US11805144B1

公开(公告)日：2023-10-31

申请号：US18061364

申请日：2022-12-02

Applicant: Splunk Inc.

Inventor： Allison Lindsey Drake ,  James Irwin Ebeling ,  Marios Iliofotou ,  Lucas Keith Murphey ,  Mihir Randhir Parikh ,  Amarendra Pendala ,  Krishna Prasanna Sankaran ,  Sourabh Satish

IPC: G06F3/0482 ,  H04L9/40 ,  G06T11/20 ,  G06F16/26 ,  G06F16/2457 ,  G06T11/00 ,  G06F16/248

CPC classification number: H04L63/1425 ,  G06F16/248 ,  G06F16/24578 ,  G06F16/26 ,  G06T11/001 ,  G06T11/206 ,  H04L63/1433 ,  G06F3/0482 ,  G06T2200/24

Abstract: Security related anomalies in the data related to network entities are identified, and a risk score is assigned to each entity based on the anomalies. Visualization data is generated for a color-coded interactive visualization. Generating the visualization data includes assigning each entity to a separate polygon to be displayed concurrently on a display screen; selecting a size of each polygon to indicate one of: a number of security related anomalies associated with the entity, or a risk level assigned to the entity, where the risk level is based on the risk score of the entity, and selecting a color of each polygon to indicate the other one of: the number of security related anomalies associated with the entity, or the risk level assigned to the entity; and causing, the color-coded interactive visualization to be displayed on a display device based on the visualization data.

公开(公告)号：US12099492B1

公开(公告)日：2024-09-24

申请号：US18310476

申请日：2023-05-01

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Robin Jinyang Hu ,  Marios Iliofotou ,  Amarendra Pendala

IPC: G06F16/23 ,  G06F11/34 ,  G06F16/22 ,  G06F16/27 ,  H04L67/146

CPC classification number: G06F16/2322 ,  G06F11/3409 ,  G06F16/2282 ,  G06F16/273 ,  H04L67/146

Abstract: An identify resolution system performs actions comprises a set-up process and an identity resolution process that executes asynchronously with respect to the set-up process. the set-up process includes accessing machine data including a plurality of event data objects, each event data object of the plurality of event data objects including timestamped raw machine-generated data indicative of performance or operation of one or more entities in a computer network environment. The identity resolution process ascertains the identity of an entity associated with the computer network environment, based on the association data in the data store, wherein the identity of the entity is not expressed directly in the association data in the data store.

公开(公告)号：US11675771B1

公开(公告)日：2023-06-13

申请号：US17084239

申请日：2020-10-29

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Robin Jinyang Hu ,  Marios Iliofotou ,  Amarendra Pendala

IPC: G06F16/23 ,  G06F16/22 ,  H04L67/146 ,  G06F11/34 ,  G06F16/27

CPC classification number: G06F16/2322 ,  G06F11/3409 ,  G06F16/2282 ,  G06F16/273 ,  H04L67/146

Abstract: An identify resolution system performs actions comprises a set-up process and an identity resolution process that executes asynchronously with respect to the set-up process. the set-up process includes accessing machine data including a plurality of event data objects, each event data object of the plurality of event data objects including timestamped raw machine-generated data indicative of performance or operation of one or more entities in a computer network environment. The identity resolution process ascertains the identity of an entity associated with the computer network environment, based on the association data in the data store, wherein the identity of the entity is not expressed directly in the association data in the data store.

公开(公告)号：US11949702B1

公开(公告)日：2024-04-02

申请号：US18052030

申请日：2022-11-02

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Francis E. Gerard ,  Robin Jinyang Hu ,  Marios Iliofotou ,  J. Evan Jordan ,  Amarendra Pendala ,  Sourabh Satish

IPC: H04L12/00 ,  H04L9/40 ,  H04L65/61

CPC classification number: H04L63/1425 ,  H04L65/61

Abstract: A method comprises acquiring anomaly data including a plurality of anomalies detected from streaming data, wherein each of the anomalies relates to an entity on or associated with a computer network. The method determines a risk score of each of the anomalies, and adjusts the risk score of an anomaly according to a set of factors. The method further determines, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, where the entity score corresponds to a risk level associated with the entity. An action to prevent the entity from performing an operation can be determined and caused to occur based on the entity score.

公开(公告)号：US11558412B1

公开(公告)日：2023-01-17

申请号：US17216471

申请日：2021-03-29

Applicant: Splunk Inc.

Inventor： Allison Lindsey Drake ,  James Irwin Ebeling ,  Marios Iliofotou ,  Lucas Keith Murphey ,  Mihir Randhir Parikh ,  Amarendra Pendala ,  Krishna Prasanna Sankaran ,  Sourabh Satish

IPC: G06F3/0482 ,  H04L9/40 ,  G06F16/26 ,  G06F16/2457 ,  G06T11/20 ,  G06T11/00 ,  G06F16/248

Abstract: Security related anomalies in the data related to network entities are identified, and a risk score is assigned to each entity based on the anomalies. Visualization data is generated for a color-coded interactive visualization. Generating the visualization data includes assigning each entity to a separate polygon to be displayed concurrently on a display screen; selecting a size of each polygon to indicate one of: a number of security related anomalies associated with the entity, or a risk level assigned to the entity, where the risk level is based on the risk score of the entity, and selecting a color of each polygon to indicate the other one of: the number of security related anomalies associated with the entity, or the risk level assigned to the entity; and causing, the color-coded interactive visualization to be displayed on a display device based on the visualization data.

公开(公告)号：US11552974B1

公开(公告)日：2023-01-10

申请号：US17086146

申请日：2020-10-30

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Francis E. Gerard ,  Robin Jinyang Hu ,  Marios Iliofotou ,  J. Evan Jordan ,  Amarendra Pendala ,  Sourabh Satish

IPC: H04L12/00 ,  H04L9/40 ,  H04L65/61

Abstract: A method comprises acquiring anomaly data including a plurality of anomalies detected from streaming data, wherein each of the anomalies relates to an entity on or associated with a computer network. The method determines a risk score of each of the anomalies, and adjusts the risk score of an anomaly according to a set of factors. The method further determines, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, where the entity score corresponds to a risk level associated with the entity. An action to prevent the entity from performing an operation can be determined and caused to occur based on the entity score.