On-premises action execution agent for cloud-based information technology and security operations applications

    Publication (Announcement) No.: US11671457B2

    Publication (Announcement) Date: 2023-06-06

    Application No.: US17246468

    Application Date: 2021-04-30

    Applicant: Splunk Inc.

    Abstract: Techniques are described for providing on-premises action execution agents used to execute orchestration, automation, and response (OAR) actions in users' IT environments. An on-premises action execution agent can be used to execute actions involving computing resources located in users' on-premises IT environments, where such resources may be located behind a firewall and thus not directly accessible to an IT and security operations application running in a cloud-based environment or elsewhere. An intermediary secure tunnel service is used to establish secure connections between an IT and security operations application and on-premises action execution agents, thereby enabling the encrypted transfer of credentials, API tokens, and other sensitive information used by an on-premises action execution agent to execute actions. The executed actions can include on-demand actions initiated by a user and automated actions included, e.g., as part of a playbook that is executed responsive to the identification of certain types of incidents.

    Information technology and security application automation architecture

    Publication (Announcement) No.: US11714683B1

    Publication (Announcement) Date: 2023-08-01

    Application No.: US17163320

    Application Date: 2021-01-29

    Applicant: Splunk Inc.

    Abstract: A playbook execution architecture used to efficiently execute playbooks by distributing the execution of playbook function blocks to multiple independent “worker” sub-processes is described. Each worker process hosts an independent execution environment used to execute playbook function blocks independently from other worker processes, where each worker process can host an execution environment that is the same as or different from execution environments hosted by other worker processes, enabling the playbook execution engine to support function blocks written in multiple different programming language versions or programming languages entirely. The described playbook execution architecture enables an IT and security operations application to vertically scale the computing resources used to execute playbooks, provides users with more control over an amount of computing resources devoted to the execution of playbooks, and enables more expressiveness in the types of actions and efficiency of playbooks by providing support for multiple programming languages and programming language versions.

    Reusable custom functions for playbooks

    Publication (Announcement) No.: US11487513B1

    Publication (Announcement) Date: 2022-11-01

    Application No.: US16945574

    Application Date: 2020-07-31

    Applicant: Splunk Inc.

    Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to various types of incidents or operational issues that arise from time to time in IT environments.
