-
621.
Publication No.: US11922222B1
Publication date: 2024-03-05
Application No.: US16777612
Filing date: 2020-01-30
Applicant: Splunk Inc.
Inventor: Gaurav Chawla , Mehul Goyal , Sanish Mahadik , Sumeet Rohatgi
CPC classification number: G06F9/5077 , G06F8/71 , G06F9/45558 , G06F2009/45562 , G06F2009/4557
Abstract: A control plane system can be used to manage or generate components in a shared computing resource environment. To generate a modified component, the control plane system can receive configurations of a component. The configurations can include software versions and/or parameters for the component. Using the configurations, the control plane system can generate an image of a modified component and communicate the image to a master node in the shared computing resource environment. The master node can provide one or more instances of the modified component for use based on the received image.
-
Publication No.: US11921799B1
Publication date: 2024-03-05
Application No.: US18162632
Filing date: 2023-01-31
Applicant: Splunk Inc.
Inventor: Iman Makaremi , Gyanendra Rana , Iryna Vogler-Ivashchanka , Adam Oliner , Harsh Keswani , Manish Sainani , Alexander Kim
IPC: H04L41/069 , G06F16/2458 , G06F16/951 , G06F40/30 , H04L41/0686 , H04L67/01 , H04L67/141
CPC classification number: G06F16/951 , G06F16/2471 , G06F40/30 , H04L41/0686 , H04L41/069 , H04L67/01 , H04L67/141
Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of an automatic data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive the disparate data and ingest certain of the data as measurement entries of a DIQS metrics datastore that is searchable for DIQS query processing. The DIQS may receive search queries to process against the received and ingested data via an exposed network interface. In one example embodiment, a query building component conducts a user interface using a network attached client device. The query building component may elicit search criteria via the user interface using a natural language interface, construct a proper query therefrom, and present new information based on results returned from the DIQS.
-
Publication No.: US11921672B2
Publication date: 2024-03-05
Application No.: US16657872
Filing date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Sourav Pal , Arindam Bhattacharjee , Timothy Tully
CPC classification number: G06F16/148 , G06F16/13 , G06F16/1734
Abstract: Systems and methods are described for executing a query of raw machine data that is stored at a remote data store that may store heterogeneous data. The system can determine the directories or file types that may store event data and may instruct one or more worker nodes to access files that may store events based on the determined directories or file types. Further, the system may exclude files at the remote data store that are not identified as potentially storing events, enabling a query that implicates a heterogeneous data store to be executed efficiently.
-
624.
Publication No.: US11902306B1
Publication date: 2024-02-13
Application No.: US16863911
Filing date: 2020-04-30
Applicant: Splunk Inc.
Inventor: Sourabh Satish
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/1441 , H04L2463/121
Abstract: Techniques are described for enabling an IT and security operations application to detect and remediate advanced persistent threats (APTs). The detection of APTs involves the execution of search queries to search event data that initially was associated with lower-severity activity or that otherwise did not initially rise to the level of actionable event data in the application. The execution of such search queries may thus generally be configured to search non-real-time event data, e.g., event data that is outside of a current window of days or a week, and instead to search and aggregate event data spanning time periods of many weeks, months, or years. Due to the nature of APTs, analyses of historical event data spanning such relatively long periods of time may in the aggregate uncover the types of persistent activity associated with APTs that would otherwise go undetected based only on searches of more current, real-time event data.
-
Publication No.: US11892996B1
Publication date: 2024-02-06
Application No.: US16513365
Filing date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Tameem Anwar , Alexandros Batsakis , Sai Krishna Sajja , Igor Stojanovski , Eric Woo
IPC: G06F16/22 , G06F16/23 , G06F16/245 , G06F9/50 , G06F11/34
CPC classification number: G06F16/2255 , G06F9/50 , G06F16/2379 , G06F16/245 , G06F11/34
Abstract: Systems and methods are described for monitoring indexing nodes, populating and maintaining a resource catalog with relevant information, receiving requests for indexing node availability or assignments, identifying indexing nodes that are available to process data, and/or communicating information relating to available indexing nodes. The system can maintain the resource catalog based on communications with each of the containerized indexing nodes. The system can receive, from a partition manager of a data intake and query system, a request for a containerized indexing node that the partition manager can assign to process data received by the partition manager. The system can identify an available containerized indexing node to process the data. The system can communicate, to the partition manager, an indexing node identifier associated with the available containerized indexing node.
-
Publication No.: US11886844B1
Publication date: 2024-01-30
Application No.: US17950848
Filing date: 2022-09-22
Applicant: Splunk Inc.
Inventor: Matthew Hanson , Sydney Flak , Colin Fagan , Jeffery Roberts , Govinda Salinas , Philip Royer
CPC classification number: G06F8/36 , G06F8/658 , G06F8/71 , G06F9/44521
Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to the various types of incidents or operational issues that arise from time to time in IT environments.
-
627.
Publication No.: US11886451B2
Publication date: 2024-01-30
Application No.: US17515140
Filing date: 2021-10-29
Applicant: SPLUNK Inc.
Inventor: Sunil Kittinakere Nagesh Koundinya , Ramakrishnan Hariharan Chandrasekharapuram , Paul Ingram , Joseph Ari Ross
IPC: G06F16/2458
CPC classification number: G06F16/2462 , G06F16/2474 , G06F16/2477
Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and determining whether and how to include late or delayed data points when publishing or storing the time series data. Maximum delay values can identify a duration for waiting for late or delayed data, such as prior to publication. In some examples, maximum delay values can be dynamically adjustable based on a statistical evaluation process. For late or delayed data points that are received after the maximum delay elapses, some data points can still be included in the stored time series data, such as if they are received in the same order that they were generated.
-
Publication No.: US11876821B1
Publication date: 2024-01-16
Application No.: US18167040
Filing date: 2023-02-09
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt , Ravi Prasad Bulusu
CPC classification number: H04L63/1425 , G06N20/00 , H04L63/1416 , H04L63/1433 , H04L63/20 , H04L2463/121
Abstract: First event data, indicative of a first activity on a computer network, and second event data, indicative of a second activity on the computer network, are received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. Third anomaly data is detected using an anomaly detection rule. The threat indicator system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.
-
629.
Publication No.: US11870802B1
Publication date: 2024-01-09
Application No.: US17710523
Filing date: 2022-03-31
Applicant: Splunk Inc.
Inventor: Sourabh Satish , Oliver Friedrichs , Atif Mahadik , Govind Salinas
IPC: H04L9/40 , G06F21/55 , G06F16/28 , H04L47/2425
CPC classification number: H04L63/1441 , G06F16/285 , G06F21/554 , H04L63/0236 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/20 , H04L47/2425
Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
-
Publication No.: US11868234B1
Publication date: 2024-01-09
Application No.: US17698851
Filing date: 2022-03-18
Applicant: SPLUNK INC.
Inventor: Mayank Agarwal , Steven Karis , Justin Smith
IPC: G06F11/36
CPC classification number: G06F11/3616 , G06F11/3612 , G06F11/3636 , G06F11/3664
Abstract: Monitoring and troubleshooting tools provide the capability to visualize different levels of a client's application that is deployed as a suite of independent but cooperating services (e.g., an application that includes a monolithic application and a microservices-based application), collect values of monitored or tracked metrics at those different levels, and visualize values of the metrics at those levels. For example, metrics values can be generated for components of the monolithic application and/or for components of a microservice of the microservice-based application.
-