公开(公告)号：US11895143B2

公开(公告)日：2024-02-06

申请号：US17326070

申请日：2021-05-20

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

CPC分类号： H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

摘要： Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

公开(公告)号：US11805148B2

公开(公告)日：2023-10-31

申请号：US17513595

申请日：2021-10-28

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425 ,  H04L29/06

CPC分类号： H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

摘要： Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.

公开(公告)号：US11765198B2

公开(公告)日：2023-09-19

申请号：US17185612

申请日：2021-02-25

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L9/40 ,  G06F21/55 ,  G06F16/28 ,  H04L47/2425

CPC分类号： H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

摘要： Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US11675900B2

公开(公告)日：2023-06-13

申请号：US17161309

申请日：2021-01-28

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Trenton John Beals ,  Glenn Gallien ,  Govind Salinas

IPC分类号： G06F21/55 ,  H04L9/40 ,  G06F9/451 ,  G06F11/07 ,  H04L41/0631 ,  G06F11/34

CPC分类号： G06F21/554 ,  G06F9/453 ,  G06F11/0793 ,  G06F11/3438 ,  H04L41/0631 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

摘要： The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.

公开(公告)号：US11658863B1

公开(公告)日：2023-05-23

申请号：US17497760

申请日：2021-10-08

申请人： Splunk Inc.

发明人： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC分类号： H04L41/0631 ,  H04L43/0817 ,  H04L9/40

CPC分类号： H04L41/0631 ,  H04L43/0817 ,  H04L63/1441

摘要： Described herein are systems, methods, and software to enhance incident response for an information technology (IT) environment. In one implementation, an incident service identifies an incident in the IT environment and determines a correlation between the incident and other incidents in the IT environment. Once correlated, the incident service aggregates incident data of the incident with incident data of the other incidents and generates a summary using the aggregated incident data.

公开(公告)号：US11182163B1

公开(公告)日：2021-11-23

申请号：US16119238

申请日：2018-08-31

申请人： Splunk Inc.

发明人： Trenton John Beals ,  Glenn Gallien ,  Govind Salinas ,  Sourabh Satish

IPC分类号： G06F9/30

摘要： Examples described herein relate to customization of courses of action for responding to incidents in information technology (IT) environments. An incident management service executes incident response monitoring, identification and remediation across an IT environment for one or more entities that may have their own configuration of computing assets (computing environment) within the IT environment. A course of action outlines remediation actions for responding to specific types of incidents within an IT environment. A course of action is customized for implementation within a particular computing environment associated with an entity. Customization of a course of action comprises generation and implementation of instruction sets that are usable to tailor remedial actions for execution in computing environments of different entities. An instruction set provides commands/calls that are specific to computing assets associated with an entity, which are usable to execute remedial actions for a specific type of incident.

公开(公告)号：US11019092B2

公开(公告)日：2021-05-25

申请号：US14677493

申请日：2015-04-02

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

公开(公告)号：US20210092152A1

公开(公告)日：2021-03-25

申请号：US17033146

申请日：2020-09-25

申请人： Splunk Inc.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28

摘要： Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.

公开(公告)号：US20210081523A1

公开(公告)日：2021-03-18

申请号：US17106001

申请日：2020-11-27

申请人： Splunk Inc.

发明人： Govind Salinas ,  Sourabh Satish ,  Robert John Truesdell

IPC分类号： G06F21/45 ,  G06F21/60 ,  H04L29/06

摘要： Described herein are improvements for responding to incidents in an information technology (IT) environment. In one example, a method includes, in an incident response system, receiving authentication information for use by a first component for responding to an incident in an information technology (IT) environment. The method further includes encrypting the authentication information and storing the authentication information in the incident response system along with encrypted parameters for operating the first component. In the incident response system, upon determining that the first component requires the authentication information for an interaction, the method provides retrieving the authentication information and providing the authentication information to the first component.

公开(公告)号：US10834120B2

公开(公告)日：2020-11-10

申请号：US14868553

申请日：2015-09-29

申请人： SPLUNK INC.

发明人： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

摘要： Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.