公开(公告)号：US11671457B2

公开(公告)日：2023-06-06

申请号：US17246468

申请日：2021-04-30

Applicant: Splunk Inc.

Inventor： Anne Yeh ,  Jeffery Roberts

IPC: H04L9/40 ,  G06F9/451 ,  G06F9/54 ,  G06F16/245 ,  H04L9/06 ,  G06F21/55

CPC classification number: H04L63/20 ,  G06F9/451 ,  G06F9/54 ,  G06F16/245 ,  H04L9/0643 ,  H04L63/0281 ,  H04L63/0442

Abstract: Techniques are described for providing on-premises action execution agents used to execute orchestration, automation, and response (OAR) actions in users' IT environments. An on-premises action execution agent can be used to execute actions involving computing resources located in users' on-premises IT environments, where such resources may be located behind a firewall and thus not directly accessible to an IT and security operations application running in a cloud-based environment or elsewhere. An intermediary secure tunnel service is used to establish secure connections between an IT and security operations application and on-premises action execution agents, thereby enabling the encrypted transfer of credentials, API tokens, and other sensitive information used by an on-premises action execution agent to execute actions. The executed actions can include on-demand actions initiated by a user and automated actions included, e.g., as part of a playbook that is executed responsive to the identification of certain types of incidents.