User activity monitoring
    41.
    Granted patent

    Publication number: US09836598B2

    Publication date: 2017-12-05

    Application number: US14691535

    Filing date: 2015-04-20

    Applicant: Splunk Inc.

    CPC classification number: G06F21/552 G06F21/566 G06Q10/00

    Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to a statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

    DISPLAY OF DATA INGESTION INFORMATION BASED ON COUNTING GENERATED EVENTS
    42.
    Patent application (pending, published)

    Publication number: US20160307173A1

    Publication date: 2016-10-20

    Application number: US14691475

    Filing date: 2015-04-20

    Applicant: Splunk Inc.

    Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

    USER ACTIVITY MONITORING
    43.
    Patent application (granted, in force)

    Publication number: US20160306965A1

    Publication date: 2016-10-20

    Application number: US14691535

    Filing date: 2015-04-20

    Applicant: Splunk Inc.

    CPC classification number: G06F21/552 G06F21/566 G06Q10/00

    Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to a statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).
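
    The mechanism that entries 41 and 43 describe (a watch-listed subset of entities, a search over timestamped machine-data events, a triggering condition evaluated against a statistical baseline, and a per-entity risk score that is bumped when the condition fires) is shown below as an added Python example. It is illustrative code written for this page, not Splunk's implementation. The event lines are constructed, and the watch list, the mean-plus-k-standard-deviations baseline, the minimum-count floor and the per-rule weight are assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta
from statistics import mean, pstdev

# Constructed sample machine data (not real logs): one event per line,
# "<ISO timestamp> user=<entity> action=<action>".
SAMPLE_EVENTS = """\
2015-04-15T08:01:03 user=alice action=login_failure
2015-04-16T08:03:27 user=alice action=login_failure
2015-04-17T08:00:55 user=alice action=login_failure
2015-04-17T08:01:12 user=alice action=login_failure
2015-04-18T08:04:09 user=alice action=login_failure
2015-04-19T08:02:48 user=alice action=login_failure
2015-04-20T02:11:05 user=alice action=login_failure
2015-04-20T02:11:09 user=alice action=login_failure
2015-04-20T02:11:14 user=alice action=login_failure
2015-04-20T02:11:20 user=alice action=login_failure
2015-04-20T02:11:25 user=alice action=login_failure
2015-04-20T02:11:31 user=alice action=login_failure
2015-04-20T02:11:37 user=alice action=login_failure
2015-04-20T02:11:42 user=alice action=login_failure
2015-04-20T09:30:00 user=alice action=login_success
2015-04-20T10:15:22 user=bob action=login_failure
2015-04-20T10:15:40 user=bob action=login_failure
2015-04-20T03:00:00 user=carol action=login_failure
2015-04-20T03:00:05 user=carol action=login_failure
"""

WATCH_LIST = {"alice", "bob"}   # assumed: the subset of entities being monitored
RULE_WEIGHT = 20                # assumed: risk added each time the condition fires


def parse_events(raw):
    """Turn raw machine data into timestamped events (one dict per line)."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts_text, *fields = line.split()
        event = {"_time": datetime.fromisoformat(ts_text)}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def search(events, watch_list, action):
    """The 'search query': keep only events for watch-listed entities with the
    given action, aggregated into per-entity, per-day counts."""
    counts = defaultdict(Counter)
    for ev in events:
        if ev.get("user") in watch_list and ev.get("action") == action:
            counts[ev["user"]][ev["_time"].date()] += 1
    return counts


def evaluate(events, watch_list, action, day, baseline_days=5, k=3.0,
             min_count=5, risk_scores=None):
    """Score each watch-listed entity for `day` (an ISO date string).

    Baseline: mean and population stdev of the entity's daily counts over the
    preceding `baseline_days` (days with no events count as 0). Triggering
    condition: today's count exceeds mean + k*stdev AND reaches `min_count`;
    the floor stops a flat all-zero history (stdev 0) from firing on one event.
    """
    day = date.fromisoformat(day)
    risk_scores = dict(risk_scores or {})
    counts = search(events, watch_list, action)
    results = {}
    for entity in sorted(watch_list):
        per_day = counts.get(entity, Counter())
        history = [per_day[day - timedelta(days=d)] for d in range(baseline_days, 0, -1)]
        threshold = mean(history) + k * pstdev(history)
        today = per_day[day]
        triggered = today > threshold and today >= min_count
        if triggered:
            risk_scores[entity] = risk_scores.get(entity, 0) + RULE_WEIGHT
        results[entity] = {"count": today, "threshold": round(threshold, 2),
                           "triggered": triggered,
                           "risk_score": risk_scores.get(entity, 0)}
    return results


if __name__ == "__main__":
    for entity, r in evaluate(parse_events(SAMPLE_EVENTS), WATCH_LIST,
                              "login_failure", "2015-04-20").items():
        print(entity, r)
```

    Two things the sample data is built to show: bob's two failures exceed his all-zero baseline (threshold 0.0) but are held back by the minimum-count floor, and carol's burst is never scored at all because she is not on the watch list. Restricting the search to a subset keeps the query cheap, as the abstract intends, but it also means anything off the list is a blind spot, so the watch list needs its own maintenance process.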

    SCALING AVAILABLE STORAGE BASED ON COUNTING GENERATED EVENTS
    44.
    Patent application (pending, published)

    Publication number: US20160306871A1

    Publication date: 2016-10-20

    Application number: US14701301

    Filing date: 2015-04-30

    Applicant: Splunk Inc.

    Abstract: A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

    Management console for network security investigations
    45.
    Granted patent (in force)

    Publication number: US09363149B1

    Publication date: 2016-06-07

    Application number: US14815983

    Filing date: 2015-08-01

    Applicant: Splunk Inc.

    Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.