公开(公告)号：US11240120B2

公开(公告)日：2022-02-01

申请号：US17222785

申请日：2021-04-05

申请人： Splunk Inc.

发明人： Atif Mahadik ,  Ryan Connor Means ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24

摘要： Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes identifying a first course of action for responding to an incident type in an information technology environment and generating a simulated incident associated with the incident type. The method further includes initiating performance of the first course of action based on the generation of the simulated incident. The method also includes, upon reaching a particular step of the first course of action that prevents the performance of the first course of action from proceeding, providing a first simulated result that allows the performance of the first course of action to proceed.

公开(公告)号：US20210226852A1

公开(公告)日：2021-07-22

申请号：US17222785

申请日：2021-04-05

申请人： Splunk Inc.

发明人： Atif Mahadik ,  Ryan Connor Means ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24

摘要： Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes identifying a first course of action for responding to an incident type in an information technology environment and generating a simulated incident associated with the incident type. The method further includes initiating performance of the first course of action based on the generation of the simulated incident. The method also includes, upon reaching a particular step of the first course of action that prevents the performance of the first course of action from proceeding, providing a first simulated result that allows the performance of the first course of action to proceed.

公开(公告)号：US11038915B1

公开(公告)日：2021-06-15

申请号：US16051247

申请日：2018-07-31

申请人： Splunk Inc.

发明人： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L29/06 ,  H04L9/00 ,  G06F21/55

摘要： Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least one the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.

公开(公告)号：US11025664B2

公开(公告)日：2021-06-01

申请号：US16736120

申请日：2020-01-07

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20210150026A1

公开(公告)日：2021-05-20

申请号：US17161309

申请日：2021-01-28

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Trenton John Beals ,  Glenn Gallien ,  Govind Salinas

IPC分类号： G06F21/55 ,  G06F11/07 ,  G06F9/451 ,  H04L12/24 ,  H04L29/06 ,  G06F11/34

摘要： The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.

公开(公告)号：US10985994B1

公开(公告)日：2021-04-20

申请号：US16051378

申请日：2018-07-31

申请人： Splunk Inc.

发明人： Atif Mahadik ,  Ryan Connor Means ,  Govind Salinas ,  Sourabh Satish

IPC分类号： H04L12/24

摘要： Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes identifying a first course of action for responding to an incident type in an information technology environment and generating a simulated incident associated with the incident type. The method further includes initiating performance of the first course of action based on the generation of the simulated incident. The method also includes, upon reaching a particular step of the first course of action that prevents the performance of the first course of action from proceeding, providing a first simulated result that allows the performance of the first course of action to proceed.

公开(公告)号：US20210084066A1

公开(公告)日：2021-03-18

申请号：US17104537

申请日：2020-11-25

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28

摘要： Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set.

公开(公告)号：US20200344268A1

公开(公告)日：2020-10-29

申请号：US16817070

申请日：2020-03-12

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Ryan Russell

IPC分类号： H04L29/06 ,  G06F21/00 ,  G06F21/57

摘要： Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

公开(公告)号：US10554687B1

公开(公告)日：2020-02-04

申请号：US16142913

申请日：2018-09-26

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.

公开(公告)号：US10476905B2

公开(公告)日：2019-11-12

申请号：US15924759

申请日：2018-03-19

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.