公开(公告)号：US11501184B1

公开(公告)日：2022-11-15

申请号：US16119322

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: G06Q10/06 ,  G06F8/34 ,  G06N5/04 ,  G06N5/02

Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes determining that a decision step occurs between a one step and two or more other steps of a first course of action associated with an incident type in the information technology environment. The method further includes determining possible outputs of the one step that, when used as input to the decision step, cause the first course of action to proceed from the decision step to respective steps of the two or more other steps. The method also includes incorporating logic into the decision step to direct the course of action to respective steps of the two or more other steps based on one or more of the possible outputs.

公开(公告)号：US10986120B2

公开(公告)日：2021-04-20

申请号：US16568949

申请日：2019-09-12

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US20200351259A1

公开(公告)日：2020-11-05

申请号：US16934915

申请日：2020-07-21

Applicant: Splunk Inc.

Inventor： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC: H04L29/06

Abstract: Described herein are systems, methods, and software to enhance incident response in an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. The incident service further identifies a particular step in the course of action associated with a credential requirement based on traits associated with the particular step, and generates a credential request to obtain credentials to support the credential requirement.

公开(公告)号：US10757093B1

公开(公告)日：2020-08-25

申请号：US16119984

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC: H04L29/06

Abstract: Described herein are systems, methods, and software to enhance incident response in an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. The incident service further identifies a particular step in the course of action associated with a credential requirement based on traits associated with the particular step, and generates a credential request to obtain credentials to support the credential requirement.

公开(公告)号：US20200259858A1

公开(公告)日：2020-08-13

申请号：US16863557

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.

公开(公告)号：US10158663B2

公开(公告)日：2018-12-18

申请号：US15699454

申请日：2017-09-08

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F17/30 ,  H04L12/851

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US12074901B1

公开(公告)日：2024-08-27

申请号：US18177620

申请日：2023-03-02

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L9/40 ,  G06F21/57

CPC classification number: H04L63/1433 ,  H04L63/14 ,  H04L63/1441 ,  H04L63/20 ,  G06F21/577

Abstract: Systems, methods, and software described herein provide for validating security actions before they are implemented in a computing network. In one example, a computing network may include a plurality of computing assets that provide a variety of different operations. During the operations of the network, administration systems may generate and provide security actions to prevent or mitigate the effect of a security threat on the network. However, prior to implementing the security actions within the network, computing assets may exchange security parameters with the administration systems to verify that the security actions are authentic.

公开(公告)号：US11734008B1

公开(公告)日：2023-08-22

申请号：US17506440

申请日：2021-10-20

Applicant: Splunk Inc.

Inventor： Trenton John Beals ,  Glenn Gallien ,  Govind Salinas ,  Sourabh Satish

IPC: G06F9/30

CPC classification number: G06F9/3017

Abstract: Examples described herein relate to customization of courses of action for responding to incidents in information technology (IT) environments. An incident management service executes incident response monitoring, identification and remediation across an IT environment for one or more entities that may have their own configuration of computing assets (computing environment) within the IT environment. A course of action outlines remediation actions for responding to specific types of incidents within an IT environment. A course of action is customized for implementation within a particular computing environment associated with an entity. Customization of a course of action comprises generation and implementation of sets of instructions that are usable to tailor remedial actions for execution in computing environments of different entities. A set of instructions provides commands/calls that are specific to computing assets associated with an entity, which are usable to execute remedial actions for a specific type of incident.

公开(公告)号：US11647043B2

公开(公告)日：2023-05-09

申请号：US16863557

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.

公开(公告)号：US11323472B2

公开(公告)日：2022-05-03

申请号：US17033146

申请日：2020-09-25

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.