SUPPLEMENTARY ACTIVITY MONITORING OF A SELECTED SUBSET OF NETWORK ENTITIES

    Publication No.: US20190138718A1

    Publication date: 2019-05-09

    Application No.: US16237611

    Application date: 2018-12-31

    Applicant: Splunk Inc.

    Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition derived from a statistical baseline of that entity's past activity. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).
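
    The monitoring cycle the abstract describes, as an added Python example that is not Splunk's code. Everything in it is constructed: the events, the watch list and the per-window history are sample data; the "search query" is a plain filter over dicts rather than a Splunk search; the baseline is the mean and standard deviation of past per-window counts; and the triggering condition (count above mean + 3 stdev, with the stdev floored at 1) and the fixed risk-score increment are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


# Constructed sample events (not real data): a timestamp plus machine-data
# fields; `user` is the entity whose activity is being monitored.
def _failed_logins(user, count, first_second):
    return [{"_time": f"2019-05-09T10:00:{first_second + i:02d}",
             "user": user, "action": "login_failed"} for i in range(count)]


EVENTS = (
    _failed_logins("alice", 6, 5)        # burst inside the 10:00-10:05 window
    + _failed_logins("mallory", 2, 20)   # inside the window, within normal range
    + _failed_logins("bob", 8, 30)       # bob is not on the watch list
    + [{"_time": "2019-05-09T10:00:50", "user": "alice", "action": "login_ok"},
       {"_time": "2019-05-09T10:07:00", "user": "alice", "action": "login_failed"}]
)

WATCH_LIST = {"alice", "mallory"}

# Constructed history: failed-login counts per earlier 5-minute window,
# one list per watch-list entity. The baseline is fit on this.
HISTORY = {"alice": [1, 2, 1, 0, 2], "mallory": [0, 1, 0, 1, 0]}


def search_watchlist(events, watch_list, action, window_start, window_end):
    """The 'search query' step: restrict events to the watch-list subset,
    one action type and one time window, and count hits per entity."""
    counts = defaultdict(int)
    for ev in events:
        t = datetime.fromisoformat(ev["_time"])
        if (ev["user"] in watch_list and ev["action"] == action
                and window_start <= t < window_end):
            counts[ev["user"]] += 1
    return dict(counts)


def fit_baseline(history):
    """Statistical baseline per entity: mean and population stdev of the
    per-window counts seen in the training windows."""
    return {user: (mean(c), pstdev(c)) for user, c in history.items()}


def triggered(count, mu, sigma, k=3.0, sigma_floor=1.0):
    """Triggering condition (assumed): window count exceeds mean + k*stdev.
    stdev is floored so a flat history (sigma == 0) cannot fire on a single
    extra event."""
    return count > mu + k * max(sigma, sigma_floor)


def update_risk_scores(risk, window_counts, baselines, weight=20):
    """Add `weight` to the risk score of every entity whose count met the
    triggering condition; return the new scores and the entities that fired."""
    new = dict(risk)
    fired = []
    for user, count in window_counts.items():
        mu, sigma = baselines.get(user, (0.0, 0.0))   # no history: baseline of zero
        if triggered(count, mu, sigma):
            new[user] = new.get(user, 0) + weight
            fired.append(user)
    return new, fired


def run_window(events=EVENTS, risk=None):
    """One monitoring cycle over the constructed 10:00-10:05 window."""
    risk = dict(risk or {"alice": 10, "mallory": 45})
    counts = search_watchlist(events, WATCH_LIST, "login_failed",
                              datetime(2019, 5, 9, 10, 0, 0),
                              datetime(2019, 5, 9, 10, 5, 0))
    new_risk, fired = update_risk_scores(risk, counts, fit_baseline(HISTORY))
    return counts, new_risk, fired


if __name__ == "__main__":
    counts, new_risk, fired = run_window()
    print("window counts:", counts)   # {'alice': 6, 'mallory': 2}
    print("fired:", fired)            # ['alice']
    print("risk scores:", new_risk)   # alice 10 -> 30, mallory unchanged at 45
```

    Note that bob's eight failures are never counted: the search is scoped to the watch list before any statistics run, which is the point of monitoring only a subset. In production the floor on sigma matters more than the multiplier; an entity with a perfectly flat history would otherwise trigger on its first extra event.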

    LOW-LATENCY STREAMING ANALYTICS
    372. Patent application

    Publication No.: US20190095510A1

    Publication date: 2019-03-28

    Application No.: US15715077

    Application date: 2017-09-25

    Applicant: Splunk Inc.

    Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon as the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine whether alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.
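
    The classify, enrich, reclassify, alert chain over a publish-subscribe broker, as an added Python example that is not Splunk's code. The in-process broker, the topic names, the asset inventory used for enrichment, the raw records and the alert criterion (third failed login from one source IP) are all constructed for the example; a real deployment would put a message bus between the stages rather than calling subscribers synchronously.

```python
from collections import defaultdict


class Broker:
    """Minimal in-process publish-subscribe broker. Publishing fans a message
    out to every subscriber of the topic immediately, so each record flows
    through classification, enrichment and alerting as soon as it arrives."""

    def __init__(self):
        self.subscribers = defaultdict(list)

    def subscribe(self, topic, handler):
        self.subscribers[topic].append(handler)

    def unsubscribe(self, topic, handler):
        self.subscribers[topic].remove(handler)   # criteria can be removed at runtime

    def publish(self, topic, message):
        for handler in list(self.subscribers[topic]):
            handler(message)


def classify(raw):
    """Assign a raw record to a topic by its `type` field."""
    return "raw.auth" if raw.get("type") == "auth" else "raw.other"


# Constructed asset inventory used for enrichment (not a real inventory).
ASSETS = {"10.0.0.5": {"host": "ws-alice", "owner": "alice"}}


def build_pipeline(broker, asset_inventory=ASSETS, fail_threshold=3):
    """Wire enrichment and alert generation onto the broker; returns the list
    that stands in for the client devices receiving alerts."""
    delivered = []
    failures = defaultdict(int)

    def enrich_auth(msg):
        # Supplement the raw record with asset data, then reclassify it
        # into the enriched topic that the alert rule subscribes to.
        asset = asset_inventory.get(msg["src_ip"], {"host": "unknown", "owner": None})
        broker.publish("enriched.auth", dict(msg, asset=asset))

    def auth_failure_rule(msg):
        # Alert criterion (assumed): the N-th failed login from one source IP.
        if msg["outcome"] != "failure":
            return
        failures[msg["src_ip"]] += 1
        if failures[msg["src_ip"]] == fail_threshold:
            broker.publish("alerts", {"rule": "auth_failures",
                                      "src_ip": msg["src_ip"],
                                      "host": msg["asset"]["host"],
                                      "count": fail_threshold})

    broker.subscribe("raw.auth", enrich_auth)
    broker.subscribe("enriched.auth", auth_failure_rule)
    broker.subscribe("alerts", delivered.append)
    return delivered


# Constructed raw stream: five auth records and one unrelated record.
RAW_STREAM = [
    {"type": "auth", "src_ip": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"type": "auth", "src_ip": "10.0.0.7", "user": "bob", "outcome": "failure"},
    {"type": "dns", "src_ip": "10.0.0.5", "query": "example.com"},
    {"type": "auth", "src_ip": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"type": "auth", "src_ip": "10.0.0.5", "user": "alice", "outcome": "failure"},
    {"type": "auth", "src_ip": "10.0.0.5", "user": "alice", "outcome": "success"},
]


def run_stream(stream=RAW_STREAM):
    """Ingest each raw record: classify it into a topic and publish it."""
    broker = Broker()
    delivered = build_pipeline(broker)
    for raw in stream:
        broker.publish(classify(raw), raw)
    return delivered


if __name__ == "__main__":
    for alert in run_stream():
        print(alert)   # one alert: 3 failures from 10.0.0.5 (host ws-alice)
```

    Each stage only knows its input and output topic, which is what lets enrichments and criteria be added or removed without touching the others; the dns record is routed to a topic nobody subscribes to and is simply dropped.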

    METRICS ANALYSIS WORKFLOW
    373. Patent application

    Publication No.: US20190095508A1

    Publication date: 2019-03-28

    Application No.: US15715091

    Application date: 2017-09-25

    Applicant: Splunk Inc.

    Abstract: Embodiments are disclosed for a visualization system that facilitates exploration and analysis of large sets of data by providing for synchronized, independent visualizations of metrics or event-derived value sets. The visualizations can reflect a variety of data, including pre-prepared metrics, event-derived values, or a combination thereof. Global parameter controls can enable synchronized interaction with multiple visualizations, such as modifying parameters of respective visualizations with a single input. Local parameter controls can enable interaction with an individual visualization, independent of interaction with other visualizations. A variety of tools and interfaces are provided to manipulate the visualizations to facilitate analysis across a variety of metrics within a single interface.

    Fingerprinting entities based on activity in an information technology environment

    Publication No.: US10237294B1

    Publication date: 2019-03-19

    Application No.: US15420039

    Application date: 2017-01-30

    Applicant: Splunk Inc.

    Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
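
    Identity resolution, a directed entity graph with baseline directionality, and the two anomaly types that fall out of it, as an added Python example that is not Splunk's code. The identifier catalog, the baseline and window events, and the decision to treat "pair never seen" and "pair seen only in the opposite direction" as the two anomaly classes are assumptions made for the example; the abstract does not specify how anomalies are scored.

```python
from collections import defaultdict

# Constructed identity catalog: raw identifiers seen in events mapped to a
# canonical entity name and a type. This stands in for the "resolve the
# identities / determine what the entities are" step; unknown identifiers
# are kept as-is and typed "unknown".
CATALOG = {
    "10.0.0.5": ("ws-alice", "workstation"),
    "ws-alice.corp": ("ws-alice", "workstation"),
    "10.0.0.6": ("ws-bob", "workstation"),
    "fs01.corp": ("fileserver", "server"),
    "10.0.1.10": ("fileserver", "server"),
    "backup01.corp": ("backup", "server"),
    "dc01.corp": ("dc01", "server"),
}


def resolve(identifier):
    return CATALOG.get(identifier, (identifier, "unknown"))


def build_graph(events):
    """Directed entity graph: edge (src -> dst) with the number of interactions.
    The direction is the direction of the observed activity (who initiated),
    so the baseline period fixes the expected directionality of each edge."""
    edges = defaultdict(int)
    for ev in events:
        src, _ = resolve(ev["src"])
        dst, _ = resolve(ev["dst"])
        if src != dst:
            edges[(src, dst)] += 1
    return dict(edges)


def detect_anomalies(baseline_edges, window_events):
    """Compare a new window against the baseline graph. Reports, once per pair:
      new_edge           - entities that never interacted during the baseline
      reversed_direction - entities that interacted, but only the other way round
    """
    anomalies = []
    seen = set()
    for ev in window_events:
        src, src_type = resolve(ev["src"])
        dst, dst_type = resolve(ev["dst"])
        if src == dst or (src, dst) in seen:
            continue
        seen.add((src, dst))
        if (src, dst) in baseline_edges:
            continue                      # known edge, known direction
        kind = "reversed_direction" if (dst, src) in baseline_edges else "new_edge"
        anomalies.append({"kind": kind, "src": src, "dst": dst,
                          "src_type": src_type, "dst_type": dst_type})
    return anomalies


# Constructed baseline events (learning period) and one new window.
BASELINE_EVENTS = (
    [{"src": "10.0.0.5", "dst": "fs01.corp"}] * 40
    + [{"src": "ws-alice.corp", "dst": "10.0.1.10"}] * 5   # same edge, other identifiers
    + [{"src": "10.0.0.6", "dst": "fs01.corp"}] * 30
    + [{"src": "fs01.corp", "dst": "backup01.corp"}] * 7
)
WINDOW_EVENTS = [
    {"src": "10.0.0.5", "dst": "fs01.corp"},    # normal
    {"src": "fs01.corp", "dst": "10.0.0.5"},    # server reaching back into a workstation
    {"src": "10.0.0.6", "dst": "dc01.corp"},    # pair never seen
    {"src": "10.0.0.6", "dst": "dc01.corp"},    # duplicate, reported once
    {"src": "10.0.0.6", "dst": "10.0.0.99"},    # unresolved destination
]


def run_demo():
    baseline = build_graph(BASELINE_EVENTS)
    return baseline, detect_anomalies(baseline, WINDOW_EVENTS)


if __name__ == "__main__":
    baseline, anomalies = run_demo()
    print(baseline[("ws-alice", "fileserver")])   # 45: both identifier pairs merged
    for a in anomalies:
        print(a["kind"], a["src"], "->", a["dst"])
```

    Resolution before graphing is what makes the 40 events from 10.0.0.5 and the 5 from ws-alice.corp the same edge; without it, a host that alternates between hostname and IP in logs looks like two entities and its normal traffic shows up as new edges. The reversed-direction case is the one worth alerting on with the entity types attached: a server initiating toward a workstation that previously only ever initiated toward it.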

    Adaptive key performance indicator thresholds

    Publication No.: US10235638B2

    Publication date: 2019-03-19

    Application No.: US14859236

    Application date: 2015-09-18

    Applicant: Splunk Inc.

    Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.
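
    Threshold assignment per time policy from training data, as an added Python example that is not Splunk's code. The hourly KPI samples, the two time policies (business hours and off hours, decided by hour of day), the threshold levels and the two fitting rules (nearest-rank quantile, and mean plus k standard deviations) are assumptions for the example; the abstract only says thresholds are derived from variations in the training data.

```python
import math
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed training data: hourly latency KPI values (ms) for one day.
# Not measurements from any real system.
_DAY = datetime(2019, 3, 18)   # a Monday
_BUSINESS_VALUES = [200, 205, 210, 215, 220, 225, 230, 235, 240, 300]   # 08:00-17:00
_OFF_VALUES = [40, 42, 45, 50, 52, 55, 60, 65, 70, 120]                # 18:00-03:00

TRAINING = (
    [(_DAY + timedelta(hours=8 + i), v) for i, v in enumerate(_BUSINESS_VALUES)]
    + [(_DAY + timedelta(hours=18 + i), v) for i, v in enumerate(_OFF_VALUES)]
)

# Time policies: a name and a predicate deciding which timestamps it covers.
POLICIES = {
    "business_hours": lambda t: 8 <= t.hour < 18,
    "off_hours": lambda t: not (8 <= t.hour < 18),
}

# Threshold levels: the quantile used by the quantile rule, and the number
# of standard deviations above the mean used by the stdev rule.
LEVELS = {"high": 0.90, "critical": 0.99}
SIGMAS = {"high": 2.0, "critical": 3.0}


def nearest_rank_quantile(values, q):
    """Nearest-rank quantile: the ceil(q*n)-th smallest value (no interpolation)."""
    ordered = sorted(values)
    return ordered[max(1, math.ceil(q * len(ordered))) - 1]


def thresholds_for(values, algorithm):
    """Fit one set of threshold values to the samples of a single time policy."""
    if algorithm == "quantile":
        return {lvl: nearest_rank_quantile(values, q) for lvl, q in LEVELS.items()}
    if algorithm == "stdev":
        mu, sigma = mean(values), pstdev(values)
        return {lvl: mu + k * sigma for lvl, k in SIGMAS.items()}
    raise ValueError(f"unknown algorithm {algorithm!r}")


def assign_adaptive_thresholds(training, policies, algorithm="quantile", min_samples=10):
    """Assign threshold values per time policy from the training data without
    user intervention. A policy with fewer than `min_samples` samples gets None
    rather than thresholds fitted to too little data."""
    result = {}
    for name, covers in policies.items():
        values = [v for t, v in training if covers(t)]
        result[name] = thresholds_for(values, algorithm) if len(values) >= min_samples else None
    return result


if __name__ == "__main__":
    print(assign_adaptive_thresholds(TRAINING, POLICIES))
    # {'business_hours': {'high': 240, 'critical': 300}, 'off_hours': {'high': 70, 'critical': 120}}
    print(assign_adaptive_thresholds(TRAINING, POLICIES, algorithm="stdev"))
```

    The two rules disagree on the single 300 ms outlier in business hours: the quantile rule puts "critical" exactly on it, while the stdev rule is pulled to about 309 ms by it. Which is the right choice depends on whether the outlier is noise or the condition the threshold is meant to catch, so the minimum-sample guard and a look at the training window matter more than the choice of formula.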

    Sharing configuration information for searches in data intake and query systems

    Publication No.: US10235460B2

    Publication date: 2019-03-19

    Application No.: US14526500

    Application date: 2014-10-28

    Applicant: Splunk Inc.

    Abstract: Various embodiments describe multi-site cluster-based data intake and query systems, including cloud-based data intake and query systems. Using a hybrid search system that includes cloud-based data intake and query systems working in concert with so-called “on-premises” data intake and query systems can promote the scalability of search functionality. In addition, the hybrid search system can enable data isolation in a manner in which sensitive data is maintained “on premises” and information or data that is not sensitive can be moved to the cloud-based system. Further, the cloud-based system can enable efficient leveraging of data that may already exist in the cloud.

    Optimizing index file sizes based on indexed data storage conditions

    Publication No.: US10235431B2

    Publication date: 2019-03-19

    Application No.: US15011473

    Application date: 2016-01-29

    Applicant: Splunk Inc.

    Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

    Efficient calculation and organization of approximate order statistics of real numbers

    Publication No.: US10235345B2

    Publication date: 2019-03-19

    Application No.: US15476899

    Application date: 2017-03-31

    Applicant: Splunk Inc.

    Inventor: Steve Yu Zhang

    Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising a hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers: all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.
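
    A digest built from truncation buckets, with a quantile query that walks the hierarchy from coarse to fine, as an added Python example that is not Splunk's code. It reads the abstract's "ordinality" as the decimal exponent of a level's bucket width (a level with ordinality O holds buckets of width 10^O, so a number lands in the bucket given by truncating it to that precision); that reading, the use of exact Decimal arithmetic so truncation at widths like 0.1 is not spoiled by binary floats, and the nearest-rank definition of the quantile are assumptions for the example.

```python
import math
from decimal import Decimal, ROUND_FLOOR


class BucketDigest:
    """Hierarchy of buckets keyed by truncated value, one level per ordinality.

    Level O holds buckets of width 10**O; a number x falls into bucket
    floor(x / 10**O) at that level, i.e. x truncated to that precision, and
    each bucket keeps a count. Levels are kept coarse to fine so a query can
    narrow the range level by level instead of scanning the finest histogram.
    """

    def __init__(self, ordinalities=(2, 1, 0)):
        self.levels = {o: {} for o in sorted(ordinalities, reverse=True)}
        self.n = 0

    @staticmethod
    def _width(o):
        return Decimal(10) ** o        # exact: Decimal(10) ** -1 == Decimal('0.1')

    def add(self, x):
        d = Decimal(str(x))            # str() keeps the decimal the caller wrote
        self.n += 1
        for o, buckets in self.levels.items():
            idx = (d / self._width(o)).to_integral_value(rounding=ROUND_FLOOR)
            buckets[idx] = buckets.get(idx, 0) + 1

    def quantile_range(self, q):
        """(lo, hi) of the finest bucket holding the element of rank ceil(q*n).

        Walks coarse to fine: at each level, accumulate counts of buckets inside
        the range chosen at the previous level until the target rank is reached,
        then descend into that bucket. The answer is exact to within the finest
        bucket width."""
        if self.n == 0:
            raise ValueError("empty digest")
        target = max(1, math.ceil(q * self.n))
        lo = hi = None                 # current range; None means unbounded
        below = 0                      # numbers known to lie before `lo`
        for o, buckets in self.levels.items():
            w = self._width(o)
            acc = below
            for idx in sorted(buckets):
                b_lo = idx * w
                if lo is not None and not (lo <= b_lo < hi):
                    continue           # outside the range selected one level up
                if acc + buckets[idx] >= target:
                    lo, hi, below = b_lo, b_lo + w, acc
                    break
                acc += buckets[idx]
        return float(lo), float(hi)

    def quantile(self, q):
        """Lower bound of the bucket range as the point estimate."""
        return self.quantile_range(q)[0]

    def bucket_count(self):
        return sum(len(b) for b in self.levels.values())


if __name__ == "__main__":
    d = BucketDigest((2, 1, 0))
    for v in range(1, 1001):
        d.add(v)
    print(d.quantile_range(0.5), d.quantile_range(0.99))   # (500.0, 501.0) (990.0, 991.0)
    e = BucketDigest((0, -1))
    for v in [0.1, 0.25, 0.3, 0.33, 0.7]:
        e.add(v)
    print(e.quantile_range(0.5))                           # (0.3, 0.4)
```

    The error of a query is bounded by the finest level's width, and the memory of the digest by how many distinct truncated values occur at each level; with a finest width of 1 over the integers 1..1000 the fine level is just a full histogram, so in practice the finest ordinality is chosen to cap the number of buckets at the cost of precision. The Decimal conversion is not cosmetic: with binary floats, 0.3 / 0.1 evaluates to 2.9999999999999996 and truncates into the wrong bucket.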

    Event Time Selection Output Techniques
    380. Patent application

    Publication No.: US20190065541A1

    Publication date: 2019-02-28

    Application No.: US16177027

    Application date: 2018-10-31

    Applicant: SPLUNK INC.

    Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.
