公开(公告)号：US20170048264A1

公开(公告)日：2017-02-16

申请号：US15339952

申请日：2016-11-01

Applicant: Splunk Inc,

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/30 ,  G06F21/62 ,  G06F17/24 ,  G06F3/0484

CPC classification number: H04L63/1425 ,  G06F3/0484 ,  G06F17/241 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30557 ,  G06F21/629 ,  G06F2221/2151 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US12132624B2

公开(公告)日：2024-10-29

申请号：US18162595

申请日：2023-01-31

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Geng Qin ,  Ting Wang ,  Min Zhang ,  Micah Delfino ,  Jef Bekes ,  D. Randall Young ,  Cary Noel ,  Feng Shao ,  Dritan Bitincka

IPC: H04L43/045 ,  H04L41/12 ,  H04L41/22 ,  H04L43/0817

CPC classification number: H04L43/045 ,  H04L41/12 ,  H04L41/22 ,  H04L43/0817

Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.

公开(公告)号：US20190163350A1

公开(公告)日：2019-05-30

申请号：US16264568

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US10254934B2

公开(公告)日：2019-04-09

申请号：US14815984

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US10250628B2

公开(公告)日：2019-04-02

申请号：US15799906

申请日：2017-10-31

Applicant: Splunk Inc

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/24 ,  G06F17/30 ,  G06F21/62 ,  H04L12/26 ,  G06F3/0484

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US20180024702A1

公开(公告)日：2018-01-25

申请号：US15721551

申请日：2017-09-29

Applicant: Splunk Inc.

Inventor： Cary Noel ,  John Coates

IPC: G06F3/0481 ,  G06F17/30 ,  G06F3/0484

CPC classification number: G06F3/0481 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/2477 ,  G06F16/248

Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

公开(公告)号：US20170093645A1

公开(公告)日：2017-03-30

申请号：US14902848

申请日：2015-09-21

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Geng Qin ,  Ting Wang ,  Min Zhang ,  Micah Delfino ,  Jef Beles ,  Randy Young ,  Cary Noel ,  Feng Shao ,  Dritan Bitincka

IPC: H04L12/24 ,  G06F17/30 ,  G06F3/0482 ,  G06F3/0486 ,  H04L29/08 ,  H04L12/26

Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.

公开(公告)号：US09516052B1

公开(公告)日：2016-12-06

申请号：US14815981

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/30 ,  G06F3/0484 ,  G06F17/24 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06F3/0484 ,  G06F17/241 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30557 ,  G06F21/629 ,  G06F2221/2151 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US20160011723A1

公开(公告)日：2016-01-14

申请号：US14691045

申请日：2015-04-20

Applicant: Splunk Inc.

Inventor： Cary Noel ,  John Coates

IPC: G06F3/0481 ,  G06F3/0484 ,  G06F17/30

CPC classification number: G06F3/0481 ,  G06F3/0484 ,  G06F3/04842 ,  G06F17/30551 ,  G06F17/30554

Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

Abstract translation: 可视化可以包括一组泳道，每个泳道表示关于事件类型的信息。 可以指定事件类型，例如作为具有某些关键字的事件和/或具有指定字段的指定值的事件。 泳道可以绘制发生相关事件类型的事件（在一段时间内）。 特别地，每个这样的事件可以被分配给具有与事件时间匹配的桶时间的桶。 泳道可以沿着可视化中的时间线轴线延伸，并且桶可以被定位在沿轴线的表示铲斗时间的点上。 因此，可视化可以指示事件是否在某个时间点聚集。 因为可视化可以包括多个泳道，所以可视化可以进一步指示第一类型的事件的定时与第二类型的事件的定时比较。

公开(公告)号：US09043717B2

公开(公告)日：2015-05-26

申请号：US14326459

申请日：2014-07-08

Applicant: Splunk Inc.

Inventor： Cary Noel ,  John Coates

IPC: G06F3/048 ,  G06F3/0484

CPC classification number: G06F3/0481 ,  G06F3/0484 ,  G06F3/04842 ,  G06F17/30551 ,  G06F17/30554

Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

Abstract translation: 可视化可以包括一组泳道，每个泳道表示关于事件类型的信息。 可以指定事件类型，例如作为具有某些关键字的事件和/或具有指定字段的指定值的事件。 泳道可以绘制发生相关事件类型的事件（在一段时间内）。 特别地，每个这样的事件可以被分配给具有与事件时间匹配的桶时间的桶。 泳道可以沿着可视化中的时间线轴线延伸，并且桶可以被定位在沿轴线的表示铲斗时间的点上。 因此，可视化可以指示事件是否在某个时间点聚集。 因为可视化可以包括多个泳道，所以可视化可以进一步指示第一类型的事件的定时与第二类型的事件的定时比较。