公开(公告)号：US20240031397A1

公开(公告)日：2024-01-25

申请号：US18231715

申请日：2023-08-08

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L9/40 ,  G06F21/55 ,  G06F16/28

CPC classification number: H04L63/1441 ,  H04L63/20 ,  H04L63/1416 ,  G06F21/554 ,  G06F16/285 ,  H04L63/1433 ,  H04L63/0236 ,  H04L63/1425 ,  H04L47/2425

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US11677780B2

公开(公告)日：2023-06-13

申请号：US17104537

申请日：2020-11-25

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

Abstract: Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set.

公开(公告)号：US11658998B2

公开(公告)日：2023-05-23

申请号：US17306703

申请日：2021-05-03

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US11652849B2

公开(公告)日：2023-05-16

申请号：US17125675

申请日：2020-12-17

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Ryan Russell

IPC: H04L9/40 ,  G06F21/00 ,  G06F21/57

CPC classification number: H04L63/20 ,  G06F21/00 ,  G06F21/577

Abstract: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

公开(公告)号：US11218357B1

公开(公告)日：2022-01-04

申请号：US16120010

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/06

Abstract: Described herein are systems, methods, and software to enhance incident response for an information technology (IT) environment. In one implementation, an incident service identifies an incident in the IT environment and determines a correlation between the incident and other incidents in the IT environment. Once correlated, the incident service aggregates incident data of the incident with incident data of the other incidents and generates a summary using the aggregated incident data.

公开(公告)号：US20210385123A1

公开(公告)日：2021-12-09

申请号：US17407738

申请日：2021-08-20

Applicant: Splunk Inc.

Inventor： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: H04L12/24 ,  H04L29/06

Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US11190539B2

公开(公告)日：2021-11-30

申请号：US16699299

申请日：2019-11-29

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.

公开(公告)号：US20210314347A1

公开(公告)日：2021-10-07

申请号：US17185612

申请日：2021-02-25

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US20210281601A1

公开(公告)日：2021-09-09

申请号：US17326070

申请日：2021-05-20

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

公开(公告)号：US10936488B1

公开(公告)日：2021-03-02

申请号：US16119773

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Brian Robert Earle ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: G06F11/07 ,  G06F12/0804

Abstract: Described herein are systems, methods, and software to improve incident response in an information technology (IT) environment. In one example, an incident service executes a course of action with one or more actions to respond to an incident in the IT environment. During execution, the incident service identifies a request to obtain data from an external service outside of the IT environment and determines whether the data is cached in a data store for the IT environment. If cached, the incident service obtains the data for the action from the data store. In contrast, if the data is not cached, the incident service obtains the data for the action from the external service.