-
Publication (Announcement) No.: US11641372B1
Publication (Announcement) Date: 2023-05-02
Application No.: US17827137
Filing Date: 2022-05-27
Applicant: Splunk Inc.
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC: H04L9/40 , G06F3/0484 , G06F16/25 , G06F16/248 , G06F16/2458 , H04L43/026 , G06F40/169 , G06F21/62 , H04L43/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication (Announcement) No.: US11100113B2
Publication (Announcement) Date: 2021-08-24
Application No.: US14977432
Filing Date: 2015-12-21
Applicant: Splunk Inc.
Inventor: Lucas Murphey , David Hazekamp
IPC: G06F16/20 , G06F16/2457 , G06F16/951 , G06F16/23 , G06F16/2458 , G06F16/2455 , G06F16/22 , G06F16/215
Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.
-
Publication (Announcement) No.: US20210067535A1
Publication (Announcement) Date: 2021-03-04
Application No.: US17018360
Filing Date: 2020-09-11
Applicant: Splunk Inc.
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC: H04L29/06 , G06F3/0484 , G06F16/25 , G06F16/248 , G06F16/2458 , H04L12/26 , G06F40/169 , G06F21/62
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication (Announcement) No.: US20210021614A1
Publication (Announcement) Date: 2021-01-21
Application No.: US16944433
Filing Date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Banipal Shahbaz , Siri Atma Oaklander De Licori , John Robert Coates , David Hazekamp , Devendra Badhani , Luke Murphey , Patrick Schulz
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
-
Publication (Announcement) No.: US10778712B2
Publication (Announcement) Date: 2020-09-15
Application No.: US16264561
Filing Date: 2019-01-31
Applicant: Splunk Inc
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC: H04L29/06 , G06F3/0484 , G06F16/25 , G06F16/248 , G06F16/2458 , H04L12/26 , G06F40/169 , G06F21/62
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication (Announcement) No.: US10771479B2
Publication (Announcement) Date: 2020-09-08
Application No.: US15276756
Filing Date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Banipal Shahbaz , Siri Atma Oaklander De Licori , John Robert Coates , David Hazekamp , Devendra Badhani , Luke Murphey , Patrick Schulz
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
-
Publication (Announcement) No.: US20200153714A1
Publication (Announcement) Date: 2020-05-14
Application No.: US16741450
Filing Date: 2020-01-13
Applicant: SPLUNK INC.
Inventor: John Coates , Lucas Murphey , James Hansen , David Hazekamp
Abstract: A system and computer-implemented method are provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real-time machine data from one or more sources. The configurable metric is selected and a corresponding value is calculated based on the events of interest over the configurable time period. The value of the metric may be continuously updated in real time based on receiving additional real-time machine data and displayed in a graphical interface as time progresses. Statistical trends in the value of the metric may also be determined over the configurable time period and displayed in the graphical interface, as well as an indication of whether the value of the metric exceeds a configurable threshold value. Further, a selection of one or more thresholds for the value of the metric may be applied and an indication displayed indicating whether the threshold(s) have been exceeded.
-
Publication (Announcement) No.: US10193916B2
Publication (Announcement) Date: 2019-01-29
Application No.: US15799167
Filing Date: 2017-10-31
Applicant: Splunk Inc.
Inventor: Vijay Chauhan , Devendra M. Badhani , Luke K. Murphey , David Hazekamp
IPC: H04L29/06
Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.
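The risk-identification and capture-trigger flow in the abstract above, as an added example (not the patent's or Splunk's code): remote capture agents emit sparse flow events by default, a central risk identifier flags a source from those events, and a capture trigger pushed to every agent makes them emit additional attributes for that source's later traffic. The packet summaries, the fan-out rule used to flag a source, the two agents and the extra attributes added under a trigger are assumptions made for the illustration.

```python
"""Risk-driven capture trigger across remote capture agents.
Added illustration, not the patent's implementation. Packets, field names,
the fan-out rule and the enhanced attributes are constructed for the example."""
from collections import defaultdict
from typing import Dict, List, Set

# Constructed packet summaries, in time order. 10.0.0.7 fans out over port 22
# (scan-like); 10.0.0.8 is ordinary TLS traffic.
BATCH_1 = [
    {"ts": 1, "src": "10.0.0.7", "dst": "10.0.1.20", "dport": 22,  "payload": "SSH-2.0-scan"},
    {"ts": 2, "src": "10.0.0.7", "dst": "10.0.1.21", "dport": 22,  "payload": "SSH-2.0-scan"},
    {"ts": 3, "src": "10.0.0.7", "dst": "10.0.1.22", "dport": 22,  "payload": "SSH-2.0-scan"},
    {"ts": 4, "src": "10.0.0.8", "dst": "10.0.1.20", "dport": 443, "payload": "\x16\x03\x01"},
]
BATCH_2 = [  # traffic seen after the risk was identified
    {"ts": 5, "src": "10.0.0.7", "dst": "10.0.1.23", "dport": 22,  "payload": "SSH-2.0-scan"},
    {"ts": 6, "src": "10.0.0.8", "dst": "10.0.1.21", "dport": 443, "payload": "\x16\x03\x01"},
]


class CaptureAgent:
    """A remote capture agent: baseline events carry only flow fields; a capture
    trigger switches on additional attributes for the named source."""
    BASE_FIELDS = ("ts", "src", "dst", "dport")

    def __init__(self, name: str):
        self.name = name
        self.enhanced: Set[str] = set()   # sources with an active capture trigger

    def apply_capture_trigger(self, src: str) -> None:
        self.enhanced.add(src)

    def capture(self, pkt: dict) -> dict:
        event = {k: pkt[k] for k in self.BASE_FIELDS}
        event["agent"] = self.name
        if pkt["src"] in self.enhanced:
            # Additional time-series event data: attributes not in the baseline.
            event["payload_prefix"] = pkt["payload"][:8]
            event["payload_len"] = len(pkt["payload"])
        return event


def identify_risk(events: List[dict], min_targets: int = 3) -> Set[str]:
    """Risk identification over baseline events: a source that reaches at least
    `min_targets` distinct destinations on one port (assumed scan heuristic)."""
    targets: Dict[tuple, Set[str]] = defaultdict(set)
    for e in events:
        targets[(e["src"], e["dport"])].add(e["dst"])
    return {src for (src, _port), dsts in targets.items() if len(dsts) >= min_targets}


def capture_batch(agents: List[CaptureAgent], packets: List[dict]) -> List[dict]:
    """Spread packets over the agents (round-robin stands in for network placement)."""
    return [agents[i % len(agents)].capture(p) for i, p in enumerate(packets)]


def run_pipeline(agents: List[CaptureAgent], batch1: List[dict], batch2: List[dict]) -> dict:
    baseline = capture_batch(agents, batch1)
    risky = identify_risk(baseline)
    for src in risky:                     # the trigger is pushed to every remote agent
        for agent in agents:
            agent.apply_capture_trigger(src)
    followup = capture_batch(agents, batch2)
    return {"risky": risky, "baseline": baseline, "followup": followup}


if __name__ == "__main__":
    result = run_pipeline([CaptureAgent("site-a"), CaptureAgent("site-b")], BATCH_1, BATCH_2)
    print("flagged sources:", result["risky"])
    for event in result["followup"]:
        print(event)
```

Only traffic from the flagged source gains the extra attributes; the other source stays at baseline cost, which is the point of triggering richer capture from a risk finding rather than capturing everything all the time.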
-
Publication (Announcement) No.: US20170371979A1
Publication (Announcement) Date: 2017-12-28
Application No.: US15688323
Filing Date: 2017-08-28
Applicant: Splunk Inc.
Inventor: Lucas Murphey , David Hazekamp
IPC: G06F17/30
CPC classification number: G06F16/90335 , G06F16/9032
Abstract: One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each comprise a portion of raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be applied to a dataset that is produced by the search query, receive a definition of one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, test the search query with the triggering condition, and cause, based on results of the testing, generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising search processing language having the search query and a processing command for criteria on which the triggering condition is based.
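The correlation search described in the abstract above (a search query, a triggering condition applied to its dataset, actions to run when the condition holds, and a test of the query with the condition before the search is saved), together with the score modification of US11100113B2 and the tracked alert actions of US10771479B2 earlier on this page, reduced to one runnable sketch. This is an added example, not code from Splunk or from the patents; the events, field names, 300-second window, threshold of three failures and 20-point risk increment are all constructed for the illustration.

```python
"""Correlation search with a triggering condition, risk scoring of the object
the matching rows pertain to, and per-action tracking of what was performed.
Added illustration, not Splunk's implementation; events, field names and
thresholds are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample events (already parsed from raw machine data).
EVENTS = [
    {"_time": 100, "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": 110, "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": 115, "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": 120, "user": "alice", "src": "10.0.0.5", "action": "success"},
    {"_time": 130, "user": "bob",   "src": "10.0.0.9", "action": "failure"},
    {"_time": 900, "user": "bob",   "src": "10.0.0.9", "action": "failure"},
]


def failures_per_user(events: List[dict], window: int = 300) -> List[dict]:
    """The search query: one row per user with the number of failed logins
    that fall within `window` seconds of that user's first failure."""
    times_by_user: Dict[str, List[int]] = defaultdict(list)
    for e in events:
        if e["action"] == "failure":
            times_by_user[e["user"]].append(e["_time"])
    rows = []
    for user, times in times_by_user.items():
        times.sort()
        count = sum(1 for t in times if t - times[0] <= window)
        rows.append({"user": user, "count": count, "first_time": times[0]})
    return rows


@dataclass
class CorrelationSearch:
    name: str
    query: Callable[[List[dict]], List[dict]]          # produces the dataset
    trigger: Callable[[dict], bool]                    # triggering condition per row
    actions: List[Callable[["Engine", dict], str]] = field(default_factory=list)

    def test(self, events: List[dict]) -> List[dict]:
        """Dry run used before the search is saved: the rows that would trigger.
        No actions are performed and no scores change."""
        return [row for row in self.query(events) if self.trigger(row)]


@dataclass
class Engine:
    risk: Dict[str, int] = field(default_factory=lambda: defaultdict(int))  # object -> score
    action_log: List[dict] = field(default_factory=list)                   # action tracking

    def run(self, search: CorrelationSearch, events: List[dict]) -> List[dict]:
        fired = search.test(events)
        for row in fired:
            for action in search.actions:
                try:
                    status = action(self, row)
                except Exception as exc:        # one failing action must not stop the rest
                    status = f"error: {exc}"
                self.action_log.append({"search": search.name, "action": action.__name__,
                                        "row": row, "status": status})
        return fired


def add_risk(points: int, obj_field: str = "user"):
    """Action factory: raise the risk score of the object the row pertains to."""
    def add_risk_action(engine: Engine, row: dict) -> str:
        engine.risk[row[obj_field]] += points
        return f"ok (+{points})"
    return add_risk_action


def create_notable(engine: Engine, row: dict) -> str:
    """Action: hand the row to an analyst queue (stand-in for a real sink)."""
    return "ok"


def build_brute_force_search() -> CorrelationSearch:
    return CorrelationSearch(
        name="Brute force login attempts",
        query=failures_per_user,
        trigger=lambda row: row["count"] >= 3,   # the criteria the trigger is based on
        actions=[add_risk(20), create_notable],
    )


if __name__ == "__main__":
    engine = Engine()
    search = build_brute_force_search()
    for row in engine.run(search, EVENTS):
        print(search.name, "->", row)
    print("risk scores:", dict(engine.risk))
    for entry in engine.action_log:
        print(entry["action"], entry["status"])
```

`CorrelationSearch.test` is the step the abstract calls testing the search query with the triggering condition: it runs the same query and condition as `Engine.run` but performs no actions, so an analyst can see what a new search would have fired on before any score is changed or alert raised. The `action_log` is the tracking information a reporting view would be built from.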
-
Publication (Announcement) No.: US09848008B2
Publication (Announcement) Date: 2017-12-19
Application No.: US15339952
Filing Date: 2016-11-01
Applicant: Splunk Inc
Inventor: Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
CPC classification number: H04L63/1425 , G06F3/0484 , G06F17/241 , G06F17/30551 , G06F17/30554 , G06F17/30557 , G06F21/629 , G06F2221/2151 , H04L43/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-