-
381.
Publication No.: US10212174B2
Publication Date: 2019-02-19
Application No.: US14928535
Filing Date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06K9/20 , G06F3/0484 , H04L12/24 , H04L12/26 , G06F17/22 , G06N5/04
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US10205735B2
Publication Date: 2019-02-12
Application No.: US15419959
Filing Date: 2017-01-30
Applicant: Splunk Inc.
Inventor: Georgios Apostolopoulos
Abstract: The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. The entities associated with the activities can be grouped into smaller time units, e.g., per day. The riskiest days of activity can be found by computing a risk score for each day and according to the features in the day. A graph can be built with links between the time units. The links can also receive scoring based on a number of factors. The resulting graph can be compared with known security knowledge for adjustments. Threats can be detected based on the adjusted risk score for a component (i.e., a group of linked entities) as well as a number of other factors.
-
383.
Publication No.: US20190034430A1
Publication Date: 2019-01-31
Application No.: US15663722
Filing Date: 2017-07-29
Applicant: Splunk Inc.
Inventor: Dipock Das , Dayanand Pochugari , Neeraj Verma , Nikesh Padakanti , Aungon Nag Radon , Anand Srinivasabagavathar , Adam Oliner
Abstract: In various embodiments, a natural language (NL) application implements functionality that enables users to more effectively access various data storage systems based on NL requests. As described, the operations of the NL application are guided by, at least in part, on one or more templates and/or machine-learning models. Advantageously, the templates and/or machine-learning models provide a flexible framework that may be readily tailored to reduce the amount of time and user effort associated with processing NL requests and to increase the overall accuracy of NL application implementations.
-
384.
Publication No.: US10193901B2
Publication Date: 2019-01-29
Application No.: US14928421
Filing Date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06K9/20 , G06F3/0484 , H04L12/24 , H04L12/26 , G06F17/22 , G06N5/04
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US10193775B2
Publication Date: 2019-01-29
Application No.: US15276750
Filing Date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Tristan Antonio Fletcher , Hemendra Singh Choudhary , Ross Andrew Lazerowitz , Chakravarthy Sridhar
IPC: G06F3/0484 , H04L12/26 , H04L12/24 , G06Q10/06 , G06F9/54 , G06F3/0481 , G06F3/0482 , G06F17/30
Abstract: An automatic service monitor in an information technology environment is equipped to automatically identify and group recognized events based on user-defined criteria, and to automatically perform user-defined operations against the group and its members at the detection of user-specified conditions. A related user interface is taught.
-
Publication No.: US10185740B2
Publication Date: 2019-01-22
Application No.: US15011284
Filing Date: 2016-01-29
Applicant: SPLUNK, INC.
Inventor: Divanny I. Lamas , Marc Vincent Robichaud , Carl Sterling Yestrau
IPC: G06F17/30 , G06F3/0482 , G06F3/0481 , G06F3/0484 , H04L12/24 , G06F11/07
Abstract: An event view selector for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events and apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event view selector operable to enable transitions between multiple different views of the events associated with different levels of detail. The views may include at least a raw view, a list view, and a table view. Responsive to receiving an indication of a view selected via the event view selector, the selected view may be exposed via the search user interface.
-
Publication No.: US20190012304A1
Publication Date: 2019-01-10
Application No.: US16042989
Filing Date: 2018-07-23
Applicant: Splunk Inc.
Inventor: MARC VINCENT ROBICHAUD , CORY EUGENE BURKE , JEFFREY THOMAS LLOYD , JESSE MILLER
IPC: G06F17/24 , G06F17/30 , G06F21/62 , G06F3/0484 , G06Q10/10
Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell including one or more of the data items of the event attribute of a corresponding column. Based on a user selecting one or more of the cells, a list of options is displayed corresponding to the selection, and one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the event attribute for each of the one or more of the data items of each of the selected one or more cells.
-
Publication No.: US10178152B2
Publication Date: 2019-01-08
Application No.: US15143472
Filing Date: 2016-04-29
Applicant: Splunk Inc.
Inventor: Ledion Bitincka , Vishal Patel , Geoffrey Hendrey , Eric Woo
Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.
-
Publication No.: US20190007448A1
Publication Date: 2019-01-03
Application No.: US16107972
Filing Date: 2018-08-21
Applicant: Splunk Inc.
Inventor: Sourabh SATISH , Oliver FRIEDRICHS , Atif MAHADIK , Govind SALINAS
CPC classification number: H04L63/1441 , G06F16/285 , G06F21/554 , H04L47/2425 , H04L63/0236 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/20
Abstract: Systems, methods, and software described herein enhance how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
-
Publication No.: US20190007294A1
Publication Date: 2019-01-03
Application No.: US16122606
Filing Date: 2018-09-05
Applicant: Splunk Inc.
Inventor: Toufic Boubez
CPC classification number: H04L43/0876 , H04L41/0686 , H04L41/0883 , H04L43/04
Abstract: An anomaly detection system is able to detect spatial and temporal environment anomalies and spatial and temporal behavior anomalies, and monitor servers for anomalous characteristics of the environment and behavior. If metrics and/or characteristics associated with a given server are beyond a certain threshold, an alert is generated. Among other options, the alert can take the form of a heat map or a cluster cohesiveness report.