-
Publication No.: US11641372B1
Publication date: 2023-05-02
Application No.: US17827137
Application date: 2022-05-27
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
IPC: H04L9/40, G06F3/0484, G06F16/25, G06F16/248, G06F16/2458, H04L43/026, G06F40/169, G06F21/62, H04L43/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
32.
Publication No.: US11269476B2
Publication date: 2022-03-08
Application No.: US15721551
Application date: 2017-09-29
Applicant: Splunk Inc.
Inventor: Cary Noel, John Coates
IPC: G06F3/0481, G06F3/0484, G06F16/248, G06F16/2458, G06F3/04842
Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.
-
Publication No.: US11132111B2
Publication date: 2021-09-28
Application No.: US16264568
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey
IPC: G06F3/0484, H04L29/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
34.
Publication No.: US20210067535A1
Publication date: 2021-03-04
Application No.: US17018360
Application date: 2020-09-11
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
IPC: H04L29/06, G06F3/0484, G06F16/25, G06F16/248, G06F16/2458, H04L12/26, G06F40/169, G06F21/62
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
35.
Publication No.: US10778712B2
Publication date: 2020-09-15
Application No.: US16264561
Application date: 2019-01-31
Applicant: Splunk Inc
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
IPC: H04L29/06, G06F3/0484, G06F16/25, G06F16/248, G06F16/2458, H04L12/26, G06F40/169, G06F21/62
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication No.: US20200250178A1
Publication date: 2020-08-06
Application No.: US16264562
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Paul Boster, Keith Kramer, Cary Noel, Isabelle Park
IPC: G06F16/248, G06F16/25
Abstract: Systems and methods are disclosed for implementing a data stream correlation user interface. The data stream correlation user interface provides workflows for selecting individual data sources from a matrix of data sources, identifying individual data fields of the data sources, establishing criteria for determining correlations between them, and reviewing and enabling user verification of correlated data sources. Correlations may be established based on the values of data fields in individual records of the data sources, and may be determined based on correspondences or associations between the values, lookup tables, formulas, user-specified criteria, or other relationships.
-
Publication No.: US10671262B2
Publication date: 2020-06-02
Application No.: US15886804
Application date: 2018-02-01
Applicant: Splunk Inc.
Inventor: Nicholas Filippi, Siegfried Puchbauer-Schnabel, Cary Noel
IPC: G06F3/0484
Abstract: Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. An indication of a selection of the first time window may be received via the GUI. An updated GUI comprising a third graphical element representing a third metric value for the third time window and a fourth graphical element representing the fourth metric value for the fourth time window may be displayed, wherein the third time window and the fourth time window may be sub-ranges of the first time window.
-
Publication No.: US20200057554A1
Publication date: 2020-02-20
Application No.: US16671017
Application date: 2019-10-31
Applicant: Splunk Inc.
IPC: G06F3/0484, G06Q10/06, G06F16/00
Abstract: Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. One or more characteristics of the indicator reflect the value that corresponds to the indicator. The characteristics may include, for instance, the color of the indicator and/or the distance of the indicator (or more specifically, a given point on the indicator) from the central point. The characteristics of the indicators change over time, in accordance with changes in the current values of the data items. A variety of indicators may be used, including, without limitation, points, icons, pie “wedges,” filled or partially-filled sectors of an ellipse or semi-circle, arcs or lines that span between the sides of such sectors, and so forth.
-
Publication No.: US10509555B2
Publication date: 2019-12-17
Application No.: US15885799
Application date: 2018-01-31
Applicant: Splunk Inc.
IPC: G06F3/048, G06F3/0484, G06F16/00, G06Q10/06
Abstract: Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. One or more characteristics of the indicator reflect the value that corresponds to the indicator. The characteristics may include, for instance, the color of the indicator and/or the distance of the indicator (or more specifically, a given point on the indicator) from the central point. The characteristics of the indicators change over time, in accordance with changes in the current values of the data items. A variety of indicators may be used, including, without limitation, points, icons, pie “wedges,” filled or partially-filled sectors of an ellipse or semi-circle, arcs or lines that span between the sides of such sectors, and so forth.
-
Publication No.: US20190166145A1
Publication date: 2019-05-30
Application No.: US16264554
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.