-
公开(公告)号:US10237292B2
公开(公告)日:2019-03-19
申请号:US15143566
申请日:2016-04-30
Applicant: Splunk Inc.
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Patent Agency Ranking
公开(公告)号:US09921732B2
公开(公告)日:2018-03-20
申请号:US14265854
申请日:2014-04-30
Applicant: Splunk Inc.
IPC: G06F3/048 , G06F8/34 , G06F3/0484 , G06F17/30 , G06Q10/06
CPC classification number: G06F3/04847 , G06F17/30 , G06Q10/063
Abstract: Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. One or more characteristics of the indicator reflect the value that corresponds to the indicator. The characteristics may include, for instance, the color of the indicator and/or the distance of the indicator (or more specifically, a given point on the indicator) from the central point. The characteristics of the indicators change over time, in accordance with changes in the current values of the data items. A variety of indicators may be used, including, without limitation, points, icons, pie “wedges,” filled or partially-filled sectors of an ellipse or semi-circle, arcs or lines that span between the sides of such sectors, and so forth.
-
公开(公告)号:US09848008B2
公开(公告)日:2017-12-19
申请号:US15339952
申请日:2016-11-01
Applicant: Splunk Inc
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
CPC classification number: H04L63/1425 , G06F3/0484 , G06F17/241 , G06F17/30551 , G06F17/30554 , G06F17/30557 , G06F21/629 , G06F2221/2151 , H04L43/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
公开(公告)号:US09811234B2
公开(公告)日:2017-11-07
申请号:US14691045
申请日:2015-04-20
Applicant: Splunk Inc.
Inventor: Cary Noel , John Coates
IPC: G06F3/048 , G06F3/0481 , G06F17/30 , G06F3/0484
CPC classification number: G06F3/0481 , G06F3/0484 , G06F3/04842 , G06F17/30551 , G06F17/30554
Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.
-
公开(公告)号:US09363149B1
公开(公告)日:2016-06-07
申请号:US14815983
申请日:2015-08-01
Applicant: Splunk Inc.
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu
IPC: G06F17/30 , H04L12/24 , G06T11/20 , G06F3/0482 , G06F3/0484 , H04L12/26
CPC classification number: H04L63/1425 , G06F17/30864 , G06F21/56 , H04L41/22 , H04L43/045 , H04L63/1408 , H04L63/1416
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
Abstract translation: 公开了技术和机制,使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的,网络安全调查通常是指分析者(或分析师小组)对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口,使用户能够创建调查时间表,其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能,其中特定记录的用户交互也可以被添加到一个或多个调查时间线。
-
公开(公告)号:US20150082221A1
公开(公告)日:2015-03-19
申请号:US14326459
申请日:2014-07-08
Applicant: Splunk Inc.
Inventor: Cary Noel , John Coates
IPC: G06F3/0484
CPC classification number: G06F3/0481 , G06F3/0484 , G06F3/04842 , G06F17/30551 , G06F17/30554
Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.
Abstract translation: 可视化可以包括一组泳道,每个泳道表示关于事件类型的信息。 可以指定事件类型,例如作为具有某些关键字的事件和/或具有指定字段的指定值的事件。 泳道可以绘制发生相关事件类型的事件(在一段时间内)。 特别地,每个这样的事件可以被分配给具有与事件时间匹配的桶时间的桶。 泳道可以沿着可视化中的时间线轴线延伸,并且桶可以被定位在沿轴线的表示铲斗时间的点上。 因此,可视化可以指示事件是否在某个时间点聚集。 因为可视化可以包括多个泳道,所以可视化可以进一步指示第一类型的事件的定时与第二类型的事件的定时比较。
-
-
-
-
-
Search Results
46
records
(took 0.021 seconds)
