-
11.
Publication No.: US10742484B1
Publication Date: 2020-08-11
Application No.: US16051183
Filing Date: 2018-07-31
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US10425441B2
Publication Date: 2019-09-24
Application No.: US16107975
Filing Date: 2018-08-21
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
IPC: H04L29/06, G06F21/55, G06F16/28, H04L12/851
Abstract: Systems, methods, and software described herein enhance how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
-
Publication No.: US20190253459A1
Publication Date: 2019-08-15
Application No.: US16393803
Filing Date: 2019-04-24
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas, Ryan Russell
CPC classification number: H04L63/20, G06F21/00, G06F21/577
Abstract: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.
-
Publication No.: US20180316718A1
Publication Date: 2018-11-01
Application No.: US15924759
Filing Date: 2018-03-19
Applicant: SPLUNK INC.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
-
15.
Publication No.: US12045201B1
Publication Date: 2024-07-23
Application No.: US16779463
Filing Date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Atif Mahadik, Govind Salinas
IPC: G06F7/00, G06F9/54, G06F16/16, G06F16/17, G06F16/182, G06F16/23, G06F16/245, G06F16/28, G06F21/62
CPC classification number: G06F16/1734, G06F9/542, G06F16/168, G06F16/1824, G06F16/2322, G06F16/245, G06F16/283, G06F21/6218
Abstract: Techniques are described for automatically identifying and configuring IT and security application connectors relevant to users' IT environment by obtaining and analyzing data reflecting activity within an IT environment. The identification of types of assets within an IT environment may be based on analyzing a “source type” field included in events associated with the IT environment, where the source type field included in each event provides an indication of a type of device or service to which the event relates. The values stored in the source type field of events associated with a user's IT environment might indicate, for example, the presence of various types of computing devices, software applications, network devices, and so forth. Based on the identification of types of assets present in an IT environment, an IT and security operations application automatically configures corresponding connectors for those types of assets.
-
Publication No.: US11811587B1
Publication Date: 2023-11-07
Application No.: US18158400
Filing Date: 2023-01-23
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
IPC: H04L41/0631, H04L41/0654, H04L41/14, H04L9/40, H04L41/22, H04L41/5074, G06F21/55, H04L41/08
CPC classification number: H04L41/0631, G06F21/554, H04L41/0654, H04L41/0883, H04L41/14, H04L41/22, H04L41/5074, H04L63/1416, H04L63/1441, H04L63/20
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US11784996B2
Publication Date: 2023-10-10
Application No.: US16934915
Filing Date: 2020-07-21
Applicant: Splunk Inc.
Inventor: Govind Salinas, Sourabh Satish, Robert John Truesdell
IPC: H04L9/40
CPC classification number: H04L63/083, H04L63/105
Abstract: Described herein are systems, methods, and software to enhance incident response in an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. The incident service further identifies a particular step in the course of action associated with a credential requirement based on traits associated with the particular step, and generates a credential request to obtain credentials to support the credential requirement.
-
Publication No.: US11165812B2
Publication Date: 2021-11-02
Application No.: US14675176
Filing Date: 2015-03-31
Applicant: SPLUNK INC.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
IPC: H04L29/06, G06F21/55, G06F16/28, H04L12/851
Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.
-
Publication No.: US11133977B2
Publication Date: 2021-09-28
Application No.: US16926907
Filing Date: 2020-07-13
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US20210281602A1
Publication Date: 2021-09-09
Application No.: US17327098
Filing Date: 2021-05-21
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least on the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.