公开(公告)号：US11265206B1

公开(公告)日：2022-03-01

申请号：US16051106

申请日：2018-07-31

申请人： Splunk Inc.

发明人： Sourabh Satish

IPC分类号： H04L12/24 ,  H04L29/06 ,  G06F16/34 ,  H04L41/0631 ,  H04L41/14 ,  H04L41/22

摘要： Described herein are systems, methods, and software to enhance the management of responses to incidents in an information technology (IT) environment. In one example, a management system identifies an incident in an IT environment, identifies an initial status for the incident for an analyst of the IT environment, and provides the initial status for display to the analyst. The management system further monitors state information for the incident in the IT environment, identifies a second status of the incident based on the monitored state, and provides the second status for display to the analyst.

公开(公告)号：US11182163B1

公开(公告)日：2021-11-23

申请号：US16119238

申请日：2018-08-31

申请人： Splunk Inc.

发明人： Trenton John Beals ,  Glenn Gallien ,  Govind Salinas ,  Sourabh Satish

IPC分类号： G06F9/30

摘要： Examples described herein relate to customization of courses of action for responding to incidents in information technology (IT) environments. An incident management service executes incident response monitoring, identification and remediation across an IT environment for one or more entities that may have their own configuration of computing assets (computing environment) within the IT environment. A course of action outlines remediation actions for responding to specific types of incidents within an IT environment. A course of action is customized for implementation within a particular computing environment associated with an entity. Customization of a course of action comprises generation and implementation of instruction sets that are usable to tailor remedial actions for execution in computing environments of different entities. An instruction set provides commands/calls that are specific to computing assets associated with an entity, which are usable to execute remedial actions for a specific type of incident.

公开(公告)号：US11019092B2

公开(公告)日：2021-05-25

申请号：US14677493

申请日：2015-04-02

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

公开(公告)号：US20210092152A1

公开(公告)日：2021-03-25

申请号：US17033146

申请日：2020-09-25

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28

摘要： Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.

公开(公告)号：US20210081523A1

公开(公告)日：2021-03-18

申请号：US17106001

申请日：2020-11-27

申请人： Splunk Inc.

发明人： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC分类号： G06F21/45 ,  G06F21/60 ,  H04L29/06

摘要： Described herein are improvements for responding to incidents in an information technology (IT) environment. In one example, a method includes, in an incident response system, receiving authentication information for use by a first component for responding to an incident in an information technology (IT) environment. The method further includes encrypting the authentication information and storing the authentication information in the incident response system along with encrypted parameters for operating the first component. In the incident response system, upon determining that the first component requires the authentication information for an interaction, the method provides retrieving the authentication information and providing the authentication information to the first component.

公开(公告)号：US10834120B2

公开(公告)日：2020-11-10

申请号：US14868553

申请日：2015-09-29

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.

公开(公告)号：US10742484B1

公开(公告)日：2020-08-11

申请号：US16051183

申请日：2018-07-31

申请人： Splunk Inc.

发明人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24 ,  H04L29/06

摘要： Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US10425441B2

公开(公告)日：2019-09-24

申请号：US16107975

申请日：2018-08-21

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US20190253459A1

公开(公告)日：2019-08-15

申请号：US16393803

申请日：2019-04-24

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Ryan Russell

IPC分类号： H04L29/06 ,  G06F21/00 ,  G06F21/57

CPC分类号： H04L63/20 ,  G06F21/00 ,  G06F21/577

摘要： Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

公开(公告)号：US20180316718A1

公开(公告)日：2018-11-01

申请号：US15924759

申请日：2018-03-19

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F17/30 ,  G06F21/55

摘要： Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.