-
61.
Publication number: US11895126B1
Publication date: 2024-02-06
Application number: US16657964
Application date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Robert John Truesdell
CPC classification number: H04L63/1416, G06F9/451, H04L63/0281, H04L63/1441
Abstract: An information technology (IT) and security operations application is described that enables cross-tenant analyses of data to derive insights that can be used to provide actionable information across the application including, for example, action recommendations, threat confidence scores, and other incident data enrichments. The generation and presentation of such information to users of an IT and security operations application can enable analyst teams to more efficiently and accurately respond to various types of incidents in IT environments, thereby improving the overall operation and security of the IT environments. Furthermore, because of the shared use of an IT and security operations application concurrently by any number of separate tenants, such cross-tenant analyses can be performed in near real-time and on an ongoing basis to deliver relevant insights.
-
Publication number: US11893675B1
Publication date: 2024-02-06
Application number: US17515345
Application date: 2021-10-29
Applicant: SPLUNK INC.
Inventor: Devin Bhushan, Caelin Thomas Jackson-King, Stanislav Yazhenskikh, Jim Jiaming Zhu
CPC classification number: G06T15/04, G06T7/0002, G06T17/05, G06T17/20, G06T2200/08, G06T2207/30168
Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
-
Publication number: US11892988B1
Publication date: 2024-02-06
Application number: US17163269
Application date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Kan Wu, Ian Edward Torbett, James Wang
CPC classification number: G06F16/213, G06F8/658, G06F11/327, G06F11/3466, G06F16/219, G06F16/24532, G06F16/26
Abstract: A method includes selecting, from content packs in a centralized content management system, a content pack to update in a data intake and query system. The content pack includes utility objects. For each utility object of at least a subset of the utility objects determining whether the utility object already exists in the data intake and query system, and loading the utility object to the data intake and query system when the utility object does not exist to obtain an updated utility object. The method further includes monitoring, by the data intake and query system, an endpoint of an endpoint type using the updated utility object.
-
64.
Publication number: US11886475B1
Publication date: 2024-01-30
Application number: US17745848
Application date: 2022-05-16
Applicant: Splunk Inc.
Inventor: Arvind Swaminathan, Xiang Zhou
CPC classification number: G06F16/334, G06N5/022
Abstract: A service monitoring system (SMS) transforms machine data from a monitored information technology (IT) environment into meaningful key performance indicators (KPIs) that each represents some measure of a service implemented by the environment on an ongoing basis. An overall health score for the service is determined from the KPIs and a prediction is made for a future health score. Data regarding a particular KPI and other KPIs is transformed to predicted future values for the particular KPI over a prediction window. Additionally, predicted future KPI scores may be used to determine a KPI impact score reflecting some measure of the degree to which the KPI, its related components, or processing related thereto, can influence the actual future health score. The KPI impact scores condition or direct the future operation of one or more SMS processes. Production of an impactor list identifying priority targets for interventive processing may be produced based at least on KPI impact scores and may also condition or direct the future operation of one or more SMS processes.
-
Publication number: US11886464B1
Publication date: 2024-01-30
Application number: US18100329
Application date: 2023-01-23
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: H04L41/0604, G06F16/28, G06F16/21, G06F9/54, H04L41/22, H04L41/069, H04L41/5009, H04L41/0681, G06Q10/0639, G06Q10/20, G06F16/903, G06Q10/10, H04L67/50
CPC classification number: G06F16/282, G06F9/542, G06F16/213, G06F16/903, G06Q10/06393, G06Q10/10, G06Q10/20, H04L41/0604, H04L41/069, H04L41/0681, H04L41/22, H04L41/5009, H04L67/535
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
66.
Publication number: US20240031397A1
Publication date: 2024-01-25
Application number: US18231715
Application date: 2023-08-08
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
CPC classification number: H04L63/1441, H04L63/20, H04L63/1416, G06F21/554, G06F16/285, H04L63/1433, H04L63/0236, H04L63/1425, H04L47/2425
Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
-
Publication number: US11882099B1
Publication date: 2024-01-23
Application number: US17162941
Application date: 2021-01-29
Applicant: SPLUNK INC.
Inventor: Jesse Chor, Michael Emery
IPC: H04L9/40, H04L12/46, H04L9/30, G06F16/27, G06F16/951
CPC classification number: H04L63/029, G06F16/27, G06F16/951, H04L9/30, H04L12/4633, H04L63/0442, H04L63/08
Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, by a trusted tunnel bridge and from a first application executing in a first network, a first encrypted data packet, where the first encrypted data packet includes an encrypted portion of data, and a destination device identifier (DDI). The method further includes determining, by the trusted tunnel bridge, a particular device in a second network and associated with the DDI included in the first encrypted data packet. The method further includes sending, by the trusted tunnel bridge directly to the particular device, the first encrypted data packet.
-
Publication number: US11870673B2
Publication date: 2024-01-09
Application number: US17451518
Application date: 2021-10-20
Applicant: SPLUNK INC.
Inventor: Konstantinos Polychronis
IPC: H04L43/12, H04L43/08, H04L69/22, H04L43/00, H04L43/028
CPC classification number: H04L43/12, H04L43/08, H04L69/22, H04L43/028, H04L43/14
Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, one or more default classes associated with an application on a device are replaced with one or more custom monitoring classes designed to facilitate monitoring data packets being communicated to or from the application. The custom monitoring classes can then be utilized to facilitate monitoring a plurality of data packets communicated to or from the application.
-
Publication number: US11868411B1
Publication date: 2024-01-09
Application number: US17468428
Application date: 2021-09-07
Applicant: SPLUNK INC.
Inventor: Ramesh Panuganty
IPC: G06F16/951
CPC classification number: G06F16/951
Abstract: Improved crawling and curation of data and metadata from diverse data sources is described. In some embodiments, improvements are achieved by interpreting the context, vocabulary and relationships of data element, to enable relational data search capability for users. The user querying process is improved by systematic identification of the data objects, context, and relationships across data objects and elements, aggregation methods and operators on the data objects and data elements as identified in the curation process. User query suggestions and recommendations can be adjusted based on the context, relationships between the data elements, user profile, and the data sources. When the user query is executed, the query text is translated into an equivalent of one or more query statements, such as SQL or PostGre statements, and the query is performed on the identified data sources. Results are assembled to present the answer in a meaningful visualization for the user query.
-
70.
Publication number: US11863408B1
Publication date: 2024-01-02
Application number: US17578206
Application date: 2022-01-18
Applicant: Splunk Inc.
Inventor: Michael Dickey
IPC: H04L43/04, H04L41/0853, H04L41/046, H04L41/0816, H04L43/106
CPC classification number: H04L43/04, H04L41/046, H04L41/0816, H04L41/0856, H04L43/106
Abstract: The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.