公开(公告)号：US20170031565A1

公开(公告)日：2017-02-02

申请号：US14815984

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

CPC classification number: G06F3/04842 ,  G06F3/04847 ,  H04L63/1416 ,  H04L63/1425

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US20160308733A1

公开(公告)日：2016-10-20

申请号：US14690741

申请日：2015-04-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L67/02 ,  H04L67/34 ,  H04L67/36

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

Abstract translation: 提供了用于指示部署应用程序功能的系统和方法。 在一个实施例中，提供了一种方法，其包括确定用于从数据系统的一个或多个数据源接收机器生成的数据的应用的当前部署的可用特征，确定应用的当前部署的未部署的特征， 其中未部署的特征包括被配置为使用来自数据源的输入数据的一个或多个可用特征，并且其中所述输入数据对所述应用的当前部署中的所述特征不可用，并且导致展开 图形用户界面（GUI），其包括未部署的特征的指示。

公开(公告)号：US20160127401A1

公开(公告)日：2016-05-05

申请号：US14528918

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在运行期间，系统提供一种风险识别机制，用于从由分布在网络上的一个或多个远程捕获代理捕获的网络分组产生的时间序列事件数据中识别安全风险。 接下来，系统提供捕获触发器，用于基于安全风险从一个或多个远程捕获代理上的网络分组生成附加的时间序列事件数据，其中附加的时间序列事件数据包括一个或多个事件属性。

公开(公告)号：US20190163350A1

公开(公告)日：2019-05-30

申请号：US16264568

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US20190124105A1

公开(公告)日：2019-04-25

申请号：US16228509

申请日：2018-12-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

公开(公告)号：US10254934B2

公开(公告)日：2019-04-09

申请号：US14815984

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US10250628B2

公开(公告)日：2019-04-02

申请号：US15799906

申请日：2017-10-31

Applicant: Splunk Inc

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/24 ,  G06F17/30 ,  G06F21/62 ,  H04L12/26 ,  G06F3/0484

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US20170142146A1

公开(公告)日：2017-05-18

申请号：US15421269

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

公开(公告)号：US09516052B1

公开(公告)日：2016-12-06

申请号：US14815981

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/30 ,  G06F3/0484 ,  G06F17/24 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06F3/0484 ,  G06F17/241 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30557 ,  G06F21/629 ,  G06F2221/2151 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US11363047B2

公开(公告)日：2022-06-14

申请号：US17018360

申请日：2020-09-11

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L9/40 ,  G06F3/0484 ,  G06F16/25 ,  G06F16/248 ,  G06F16/2458 ,  H04L43/026 ,  G06F40/169 ,  G06F21/62 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.