公开(公告)号：US11038905B2

公开(公告)日：2021-06-15

申请号：US15415853

申请日：2017-01-25

Applicant: Splunk, Inc.

Inventor： Joseph Auguste Zadeh ,  Rodolfo Soto ,  Madhupreetha Chandrasekaran ,  Yijiang Li

IPC: H04L29/06

Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.

公开(公告)号：US11870795B1

公开(公告)日：2024-01-09

申请号：US17347278

申请日：2021-06-14

Applicant: SPLUNK INC.

Inventor： Joseph Auguste Zadeh ,  Rodolfo Soto ,  Madhupreetha Chandrasekaran ,  Yijiang Li

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/1441 ,  H04L2463/121

Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.

公开(公告)号：US20180212985A1

公开(公告)日：2018-07-26

申请号：US15415853

申请日：2017-01-25

Applicant: Splunk, Inc.

Inventor： Joseph Auguste Zadeh ,  Rodolfo Soto ,  Madhupreetha Chandrasekaran ,  Yijiang Li

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/1441 ,  H04L2463/121

Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.