-
Publication number: US11010342B2
Publication date: 2021-05-18
Application number: US15478186
Application date: 2017-04-03
Applicant: Splunk Inc.
Inventor: Stanislav Miskovic, Satheesh Kumar Joseph Durairaj, George Apostolopulous, Dimitrios Terzis
Abstract: A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determined by a learning process, including segmenting and pruning a training dataset into a plurality of event segments and matching them with activities based on DS log data of known activities. Once obtained, the activity signature can advantageously be utilized to analyze any DS log data and activities in actual deployment. Using activity signatures to analyze DS event logs can reveal the roles of event-collection machines, aggregate information dispersed across their component events to reveal the actors involved in particular AD activities, augment visibility of the DS by enabling various vantage points to better infer activities at other domain machines, and reveal macro activities so that logged information becomes easily interpretable to human analysts.
-
Publication number: US20210209067A1
Publication date: 2021-07-08
Application number: US17212399
Application date: 2021-03-25
Applicant: Splunk Inc.
Inventor: Stanislav Miskovic, Satheesh Kumar Joseph Durairaj, George Apostolopulous, Dimitrios Terzis
Abstract: A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determined by a learning process, including segmenting and pruning a training dataset into a plurality of event segments and matching them with activities based on DS log data of known activities. Once obtained, the activity signature can advantageously be utilized to analyze any DS log data and activities in actual deployment. Using activity signatures to analyze DS event logs can reveal the roles of event-collection machines, aggregate information dispersed across their component events to reveal the actors involved in particular AD activities, augment visibility of the DS by enabling various vantage points to better infer activities at other domain machines, and reveal macro activities so that logged information becomes easily interpretable to human analysts.
-
Publication number: US20180285776A1
Publication date: 2018-10-04
Application number: US15478186
Application date: 2017-04-03
Applicant: Splunk Inc.
Inventor: Stanislav Miskovic, Satheesh Kumar Joseph Durairaj, George Apostolopulous, Dimitrios Terzis
Abstract: A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determined by a learning process, including segmenting and pruning a training dataset into a plurality of event segments and matching them with activities based on DS log data of known activities. Once obtained, the activity signature can advantageously be utilized to analyze any DS log data and activities in actual deployment. Using activity signatures to analyze DS event logs can reveal the roles of event-collection machines, aggregate information dispersed across their component events to reveal the actors involved in particular AD activities, augment visibility of the DS by enabling various vantage points to better infer activities at other domain machines, and reveal macro activities so that logged information becomes easily interpretable to human analysts.