Fingerprinting entities based on activity in an information technology environment

    Publication No.: US10237294B1

    Publication Date: 2019-03-19

    Application No.: US15420039

    Filing Date: 2017-01-30

    Applicant: Splunk Inc.

    Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.

    Adaptive key performance indicator thresholds

    Publication No.: US10235638B2

    Publication Date: 2019-03-19

    Application No.: US14859236

    Filing Date: 2015-09-18

    Applicant: Splunk Inc.

    Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.

    Sharing configuration information for searches in data intake and query systems

    Publication No.: US10235460B2

    Publication Date: 2019-03-19

    Application No.: US14526500

    Filing Date: 2014-10-28

    Applicant: Splunk Inc.

    Abstract: Various embodiments describe multi-site cluster-based data intake and query systems, including cloud-based data intake and query systems. Using a hybrid search system that includes cloud-based data intake and query systems working in concert with so-called “on-premises” data intake and query systems can promote the scalability of search functionality. In addition, the hybrid search system can enable data isolation in a manner in which sensitive data is maintained “on premises” and information or data that is not sensitive can be moved to the cloud-based system. Further, the cloud-based system can enable efficient leveraging of data that may already exist in the cloud.

    Optimizing index file sizes based on indexed data storage conditions

    Publication No.: US10235431B2

    Publication Date: 2019-03-19

    Application No.: US15011473

    Filing Date: 2016-01-29

    Applicant: Splunk Inc.

    Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

    Efficient calculation and organization of approximate order statistics of real numbers

    Publication No.: US10235345B2

    Publication Date: 2019-03-19

    Application No.: US15476899

    Filing Date: 2017-03-31

    Applicant: Splunk Inc.

    Inventor: Steve Yu Zhang

    Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising a hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers: all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.

    Graph-based network security threat detection across time and entities

    Publication No.: US10205735B2

    Publication Date: 2019-02-12

    Application No.: US15419959

    Filing Date: 2017-01-30

    Applicant: Splunk Inc.

    Abstract: The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. The entities associated with the activities can be grouped into smaller time units, e.g., per day. The riskiest days of activity can be found by computing a risk score for each day and according to the features in the day. A graph can be built with links between the time units. The links can also receive scoring based on a number of factors. The resulting graph can be compared with known security knowledge for adjustments. Threats can be detected based on the adjusted risk score for a component (i.e., a group of linked entities) as well as a number of other factors.
