公开(公告)号：US11501184B1

公开(公告)日：2022-11-15

申请号：US16119322

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: G06Q10/06 ,  G06F8/34 ,  G06N5/04 ,  G06N5/02

Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes determining that a decision step occurs between a one step and two or more other steps of a first course of action associated with an incident type in the information technology environment. The method further includes determining possible outputs of the one step that, when used as input to the decision step, cause the first course of action to proceed from the decision step to respective steps of the two or more other steps. The method also includes incorporating logic into the decision step to direct the course of action to respective steps of the two or more other steps based on one or more of the possible outputs.

公开(公告)号：US10999164B1

公开(公告)日：2021-05-04

申请号：US16863896

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Chakravarthy Sridhar ,  Minjie Qiu ,  Atif Mahadik

IPC: H04L12/24 ,  G06F3/0482 ,  H04L12/46 ,  H04L29/06 ,  G06F8/20 ,  G06F8/34

Abstract: Techniques are described for enabling a cloud-based IT and security operations application to execute playbooks containing custom code in a manner that mitigates types of risk related to the misuse of cloud-based resources and security of user data. Users use a client application to create and modify playbooks and, upon receiving input to save a playbook, the client application determines whether the playbook includes custom code. If the client application determines that the playbook includes custom code, the client application establishes a connection with a proxy application (also referred to as an “automation broker”) running in the user's own on-premises network and sends a representation of the playbook to the proxy application. The client application further sends to the IT and security operations application an identifier of the playbook and an indication that the playbook (or the custom code portions of the playbook) is stored within the user's on-premises network.

公开(公告)号：US10986120B2

公开(公告)日：2021-04-20

申请号：US16568949

申请日：2019-09-12

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US20200259858A1

公开(公告)日：2020-08-13

申请号：US16863557

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.

公开(公告)号：US10158663B2

公开(公告)日：2018-12-18

申请号：US15699454

申请日：2017-09-08

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F17/30 ,  H04L12/851

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.