-
Publication No.: US11416561B1
Publication date: 2022-08-16
Application No.: US16429044
Filing date: 2019-06-02
Applicant: Splunk Inc.
Inventor: Sourabh Satish, David Wayman, Kavita Varadarajan
IPC: G06F16/906, H04L9/40, G06F16/907, G06F16/9038, G06F16/11, G06F3/0482
Abstract: Techniques are described for enabling analysts and other users of an IT operations platform to identify certain data objects managed by the platform (for example, events, files, notes, action results, etc.) as “evidence” when such data objects are believed to be of particular significance to an investigation or other matter. For example, an event generated based on data ingested from an anti-virus service and representing a security-related incident might include artifacts indicating an asset identifier, a hash value of a suspected malicious file, a file path on the infected endpoint, and so forth. An analyst can use various interfaces and interface elements of an IT operations platform to indicate which of such events and/or artifacts, if any, represent evidence in the context of the investigation that the analyst is conducting. In response, the IT operations platform can perform various automated actions.
-
Publication No.: US10795649B1
Publication date: 2020-10-06
Application No.: US16264594
Filing date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Allison Drake, Daniel Trenker, David Wayman
Abstract: Techniques are described for enabling users to add custom code function blocks and multi-prompt blocks to customizable playbooks that can be executed by an orchestration, automation, and response (OAR) platform. At a high level, a playbook comprises computer program code and possibly other data that can be executed by an OAR platform to carry out an automated set of actions. A playbook is comprised of one or more functions or codeblocks, where each codeblock contains program code that performs defined functionality when the codeblock is encountered during execution of the playbook of which it is a part. For example, a first codeblock may implement an action that is performed relative to one or more IT assets, another codeblock might filter data generated by the first codeblock in some manner, and so forth.
-
Publication No.: US11853367B1
Publication date: 2023-12-26
Application No.: US17869693
Filing date: 2022-07-20
Applicant: Splunk Inc.
Inventor: Sourabh Satish, David Wayman, Kavita Varadarajan
IPC: G06F16/906, H04L9/40, G06F16/9038, G06F16/11, G06F3/0482, G06F16/907
CPC classification number: G06F16/906, G06F3/0482, G06F16/125, G06F16/907, G06F16/9038, H04L63/105, H04L63/1416, H04L63/1425
Abstract: Techniques are described for enabling analysts and other users of an IT operations platform to identify certain data objects managed by the platform (for example, events, files, notes, action results, etc.) as “evidence” when such data objects are believed to be of particular significance to an investigation or other matter. For example, an event generated based on data ingested from an anti-virus service and representing a security-related incident might include artifacts indicating an asset identifier, a hash value of a suspected malicious file, a file path on the infected endpoint, and so forth. An analyst can use various interfaces and interface elements of an IT operations platform to indicate which of such events and/or artifacts, if any, represent evidence in the context of the investigation that the analyst is conducting. In response, the IT operations platform can perform various automated actions.
-
Publication No.: US11755405B1
Publication date: 2023-09-12
Application No.: US17713971
Filing date: 2022-04-05
Applicant: Splunk Inc.
Inventor: Sourabh Satish, David Wayman, Glenn Gallien, Akshay Dongaonkar
IPC: G06F11/00, G06F11/07, G06Q10/0631, G06F9/451
CPC classification number: G06F11/0793, G06F9/451, G06F11/0769, G06Q10/06316
Abstract: An information technology (IT) operations platform is described that enables users to execute one or more executable actions from a set of executable actions presented in a prioritized order based on historical data. In response to identifying an occurrence of a type of incident in an IT environment, the IT operations platform generates a workbook based on a customizable workbook template. The customizable workbook template includes a plurality of tasks grouped into a plurality of phases for responding to occurrences of the type of incident, and each task of the plurality of tasks is associated with a respective set of suggested executable actions for completing the corresponding task. The IT operations platform then causes the display of a graphical user interface (GUI) including a representation of the workbook, including interface elements representing the respective set of suggested executable actions displayed in the prioritized order.
-
Publication No.: US11327827B1
Publication date: 2022-05-10
Application No.: US16429043
Filing date: 2019-06-02
Applicant: Splunk Inc.
Inventor: Sourabh Satish, David Wayman, Glenn Gallien, Akshay Dongaonkar
Abstract: An information technology (IT) operations platform is described that enables users to execute one or more executable actions from a set of executable actions presented in a prioritized order based on historical data. In response to identifying an occurrence of a type of incident in an IT environment, the IT operations platform generates a workbook based on a customizable workbook template. The customizable workbook template includes a plurality of tasks grouped into a plurality of phases for responding to occurrences of the type of incident, and each task of the plurality of tasks is associated with a respective set of suggested executable actions for completing the corresponding task. The IT operations platform then causes the display of a graphical user interface (GUI) including a representation of the workbook, including interface elements representing the respective set of suggested executable actions displayed in the prioritized order.
-