公开(公告)号：US11288283B2

公开(公告)日：2022-03-29

申请号：US16394733

申请日：2019-04-25

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Banipal Shahbaz ,  David Hazekamp

IPC: G06F16/26 ,  G06F16/22 ,  G06F16/901

Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

公开(公告)号：US10817544B2

公开(公告)日：2020-10-27

申请号：US14701301

申请日：2015-04-30

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Banipal Shahbaz ,  David Hazekamp

IPC: G06F16/28 ,  G06F16/22 ,  G06F16/2458

Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

公开(公告)号：US10735492B2

公开(公告)日：2020-08-04

申请号：US16397434

申请日：2019-04-29

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L29/08 ,  G06F8/60 ,  G06F8/61

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US20190251095A1

公开(公告)日：2019-08-15

申请号：US16394733

申请日：2019-04-25

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Banipal Shahbaz ,  David Hazekamp

IPC: G06F16/26 ,  G06F16/22 ,  G06F16/901

CPC classification number: G06F16/26 ,  G06F16/22 ,  G06F16/901 ,  G06Q2220/18

Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

公开(公告)号：US10282455B2

公开(公告)日：2019-05-07

申请号：US14691475

申请日：2015-04-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Banipal Shahbaz ,  David Hazekamp

IPC: G06F17/30

Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

公开(公告)号：US20180069887A1

公开(公告)日：2018-03-08

申请号：US15799906

申请日：2017-10-31

Applicant: Splunk Inc,

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F21/62 ,  G06F17/30 ,  H04L12/26 ,  G06F3/0484 ,  G06F17/24

CPC classification number: H04L63/1425 ,  G06F3/0484 ,  G06F17/241 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30557 ,  G06F21/629 ,  G06F2221/2151 ,  H04L43/026 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US20180069886A1

公开(公告)日：2018-03-08

申请号：US15799167

申请日：2017-10-31

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

公开(公告)号：US20180052994A1

公开(公告)日：2018-02-22

申请号：US15799975

申请日：2017-10-31

Applicant: Splunk Inc.

Inventor： Ravi Iyer ,  Devendra Badhani ,  Vijay Chauhan

IPC: G06F21/55 ,  G06Q10/00 ,  G06F21/56

CPC classification number: G06F21/552 ,  G06F21/566 ,  G06Q10/00

Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

公开(公告)号：US09596253B2

公开(公告)日：2017-03-14

申请号：US14528918

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在运行期间，系统提供一种风险识别机制，用于从由分布在网络上的一个或多个远程捕获代理捕获的网络分组产生的时间序列事件数据中识别安全风险。 接下来，系统提供捕获触发器，用于基于安全风险从一个或多个远程捕获代理上的网络分组生成附加的时间序列事件数据，其中附加的时间序列事件数据包括一个或多个事件属性。

公开(公告)号：US20170034196A1

公开(公告)日：2017-02-02

申请号：US15143566

申请日：2016-04-30

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F17/30551 ,  G06F17/30864 ,  G06F21/552 ,  G06F21/577 ,  G06F21/62 ,  H04L41/22 ,  H04L43/045 ,  H04L63/1408 ,  H04L63/1416

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。