公开(公告)号：US10425440B2

公开(公告)日：2019-09-24

申请号：US16107972

申请日：2018-08-21

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US10193920B2

公开(公告)日：2019-01-29

申请号：US15886183

申请日：2018-02-01

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F17/30 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US10116687B2

公开(公告)日：2018-10-30

申请号：US15845963

申请日：2017-12-18

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/55 ,  G06F17/30 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.

公开(公告)号：US10063587B2

公开(公告)日：2018-08-28

申请号：US14956589

申请日：2015-12-02

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F17/30 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set.

公开(公告)号：US12045201B1

公开(公告)日：2024-07-23

申请号：US16779463

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Atif Mahadik ,  Govind Salinas

IPC: G06F7/00 ,  G06F9/54 ,  G06F16/16 ,  G06F16/17 ,  G06F16/182 ,  G06F16/23 ,  G06F16/245 ,  G06F16/28 ,  G06F21/62

CPC classification number: G06F16/1734 ,  G06F9/542 ,  G06F16/168 ,  G06F16/1824 ,  G06F16/2322 ,  G06F16/245 ,  G06F16/283 ,  G06F21/6218

Abstract: Techniques are described for automatically identifying and configuring IT and security application connectors relevant to users' IT environment by obtaining and analyzing data reflecting activity within an IT environment. The identification of types of assets within an IT environment may be based on analyzing a “source type” field included in events associated with the IT environment, where the source type field included in each event provides an indication of a type of device or service to which the event relates. The values stored in the source type field of events associated with a user's IT environment might indicate, for example, the presence of various types of computing devices, software applications, network devices, and so forth. Based on the identification of types of assets present in an IT environment, an IT and security operations application automatically configures corresponding connectors for those types of assets.

公开(公告)号：US11853367B1

公开(公告)日：2023-12-26

申请号：US17869693

申请日：2022-07-20

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  David Wayman ,  Kavita Varadarajan

IPC: G06F16/906 ,  H04L9/40 ,  G06F16/9038 ,  G06F16/11 ,  G06F3/0482 ,  G06F16/907

CPC classification number: G06F16/906 ,  G06F3/0482 ,  G06F16/125 ,  G06F16/907 ,  G06F16/9038 ,  H04L63/105 ,  H04L63/1416 ,  H04L63/1425

Abstract: Techniques are described for enabling analysts and other users of an IT operations platform to identify certain data objects managed by the platform (for example, events, files, notes, actions results, etc.) as “evidence” when such data objects are believed to be of particular significance to an investigation or other matter. For example, an event generated based on data ingested from an anti-virus service and representing a security-related incident might include artifacts indicating an asset identifier, a hash value of a suspected malicious file, a file path on the infected endpoint, and so forth. An analyst can use various interfaces and interface elements of an IT operations platform to indicate which of such events and/or artifacts, if any, represent evidence in the context of the investigation that the analyst is conducting. In response, the IT operations platform can perform various automated actions.

公开(公告)号：US11811587B1

公开(公告)日：2023-11-07

申请号：US18158400

申请日：2023-01-23

Applicant: Splunk Inc.

Inventor： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: H04L41/0631 ,  H04L41/0654 ,  H04L41/14 ,  H04L9/40 ,  H04L41/22 ,  H04L41/5074 ,  G06F21/55 ,  H04L41/08

CPC classification number: H04L41/0631 ,  G06F21/554 ,  H04L41/0654 ,  H04L41/0883 ,  H04L41/14 ,  H04L41/22 ,  H04L41/5074 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/20

Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US11784996B2

公开(公告)日：2023-10-10

申请号：US16934915

申请日：2020-07-21

Applicant: Splunk Inc.

Inventor： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC: H04L9/40

CPC classification number: H04L63/083 ,  H04L63/105

Abstract: Described herein are systems, methods, and software to enhance incident response in an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. The incident service further identifies a particular step in the course of action associated with a credential requirement based on traits associated with the particular step, and generates a credential request to obtain credentials to support the credential requirement.

公开(公告)号：US11755405B1

公开(公告)日：2023-09-12

申请号：US17713971

申请日：2022-04-05

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  David Wayman ,  Glenn Gallien ,  Akshay Dongaonkar

IPC: G06F11/00 ,  G06F11/07 ,  G06Q10/0631 ,  G06F9/451

CPC classification number: G06F11/0793 ,  G06F9/451 ,  G06F11/0769 ,  G06Q10/06316

Abstract: An information technology (IT) operations platform is described that enables users to execute one or more executable actions from a set of executable actions presented in a prioritized order based on historical data. In response to identifying an occurrence of a type of incident in an IT environment, the IT operations platform generates a workbook based on a customizable workbook template. The customizable workbook template includes a plurality of tasks grouped into a plurality of phases for responding to occurrences of the type of incident, and each task of the plurality of tasks is associated with a respective set of suggested executable actions for completing the corresponding task. The IT operations platform then causes the display of a graphical user interface (GUI) including a representation of the workbook, including interface elements representing the respective set of suggested executable actions displayed in the prioritized order.

公开(公告)号：US11695803B2

公开(公告)日：2023-07-04

申请号：US17163318

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Min Xu ,  Yang Li ,  Yan Li

IPC: H04L29/00 ,  H04L9/40 ,  H04L41/22

CPC classification number: H04L63/20 ,  H04L41/22 ,  H04L63/0281 ,  H04L63/1433

Abstract: Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins.