-
Publication No.: US11593477B1
Publication date: 2023-02-28
Application No.: US16779465
Application date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Vadan Thimmegowda, Sourabh Satish, Tejas Wanjari
Abstract: Techniques are described that enable an IT and security operations application to prioritize the processing of selected events for a defined period of time. Data is obtained reflecting activity within an IT environment, wherein the data includes a plurality of events each representing an occurrence of activity within the IT environment. A severity level is assigned to each event of the plurality of events, where the events are processed by the IT and security operations application in an order that is based at least in part on the severity level assigned to each event. Input is received identifying at least one event of the plurality of events for expedited processing to obtain a set of expedited events, and the identified events are processed by the IT and security operations application before processing events that are not in the set of expedited events.
-
Publication No.: US11916929B1
Publication date: 2024-02-27
Application No.: US16657966
Application date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Vadan Thimmegowda, Sourabh Satish
IPC: H04L9/40
CPC classification number: H04L63/1416
Abstract: An information technology (IT) and security operations application enables the automatic assignment of incident events to analysts based on a variety of characteristics of the incident events to be assigned, the analysts and analyst teams, and other considerations. An IT and security operations application can perform the automatic assignment of incident events based at least in part on data indicating each analyst's knowledge of certain types of incidents, data indicating each analyst's efficiency at responding to certain types of incidents, and the like, where such data is automatically created and maintained by the application. In this manner, incident events can be efficiently assigned to analysts upon their receipt by the system without the need for a security team to constantly perform a cumbersome incident event assignment process based on a limited set of data, thereby improving analyst teams' ability to efficiently ensure the operation and security of IT environments for which the teams are responsible.
-