公开(公告)号：US11604877B1

公开(公告)日：2023-03-14

申请号：US16119954

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Glenn Gallien ,  Sourabh Satish

IPC: G06F21/50 ,  G06F21/56 ,  G06F21/55 ,  H04L9/40

Abstract: Described herein are systems and methods for improving incident response in an information technology (IT) environment. In one implementation, an incident service initiates execution of a course of action and identifies a step in the first course of action that determines data in a first format. The incident service further determines a format requirement for a second step in the course of action and translates the data from the first format to the second format in accordance with the format requirement.

公开(公告)号：US11372532B2

公开(公告)日：2022-06-28

申请号：US17358777

申请日：2021-06-25

Applicant: Splunk Inc.

Inventor： Timur Catakli ,  Sourabh Satish

IPC: G06F3/04847 ,  G06F3/0482 ,  G06F16/335 ,  H04L67/75 ,  H04L41/22 ,  H04L9/40 ,  G06F16/25 ,  G06F9/451

Abstract: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application. Among other benefits, the ability to generate and provide popular interface profiles can help analysts and other users more efficiently investigate and respond to a wide variety of incidents within IT environments, thereby improving the operation and security of those environments.

公开(公告)号：US11327827B1

公开(公告)日：2022-05-10

申请号：US16429043

申请日：2019-06-02

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  David Wayman ,  Glenn Gallien ,  Akshay Dongaonkar

IPC: G06F11/00 ,  G06F11/07 ,  G06F9/451 ,  G06Q10/06

Abstract: An information technology (IT) operations platform is described that enables users to execute one or more executable actions from a set of executable actions presented in a prioritized order based on historical data. In response to identifying an occurrence of a type of incident in an IT environment, the IT operations platform generates a workbook based on a customizable workbook template. The customizable workbook template includes a plurality of tasks grouped into a plurality of phases for responding to occurrences of the type of incident, and each task of the plurality of tasks is associated with a respective set of suggested executable actions for completing the corresponding task. The IT operations platform then causes the display of a graphical user interface (GUI) including a representation of the workbook, including interface elements representing the respective set of suggested executable actions displayed in the prioritized order.

公开(公告)号：US11165812B2

公开(公告)日：2021-11-02

申请号：US14675176

申请日：2015-03-31

Applicant: SPLUNK INC.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide for identifying and implementing security actions within a computing environment. In one example, a method of operating an advisement system to provide security actions in a computing environment includes identifying communication interactions between a plurality of computing assets and, after identifying the communication interactions, identifying a security incident in a first computing asset. The method further provides identifying at least one related computing asset to the first asset based on the communication interactions, and determining the security actions to be taken in the first computing asset and the related computing asset.

公开(公告)号：US11133977B2

公开(公告)日：2021-09-28

申请号：US16926907

申请日：2020-07-13

Applicant: Splunk Inc.

Inventor： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: H04L12/24 ,  H04L29/06

Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.

公开(公告)号：US20210281602A1

公开(公告)日：2021-09-09

申请号：US17327098

申请日：2021-05-21

Applicant: Splunk Inc.

Inventor： Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Sourabh Satish

IPC: H04L29/06 ,  H04L9/00 ,  G06F21/55

Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least one the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.

公开(公告)号：US11019093B2

公开(公告)日：2021-05-25

申请号：US16539918

申请日：2019-08-13

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US20210144182A1

公开(公告)日：2021-05-13

申请号：US17125675

申请日：2020-12-17

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas ,  Ryan Russell

IPC: H04L29/06 ,  G06F21/00 ,  G06F21/57

Abstract: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

公开(公告)号：US10936716B1

公开(公告)日：2021-03-02

申请号：US16051278

申请日：2018-07-31

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Trenton John Beals ,  Glenn Gallien ,  Govind Salinas

IPC: G06F21/55 ,  H04L29/06 ,  G06F9/451 ,  G06F11/07 ,  H04L12/24 ,  G06F11/34

Abstract: The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.

公开(公告)号：US10853478B1

公开(公告)日：2020-12-01

申请号：US16119911

申请日：2018-08-31

Applicant: Splunk Inc.

Inventor： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC: G06F21/45 ,  G06F21/60 ,  H04L29/06

Abstract: Described herein are improvements for responding to incidents in an information technology (IT) environment. In one example, a method includes, in an incident response system, receiving authentication information for use by a first component for responding to an incident in an information technology (IT) environment. The method further includes encrypting the authentication information and storing the authentication information in the incident response system along with encrypted parameters for operating the first component. In the incident response system, upon determining that the first component requires the authentication information for an interaction, the method provides retrieving the authentication information and providing the authentication information to the first component.