-
Publication (Announcement) No.: US20190158524A1
Publication (Announcement) Date: 2019-05-23
Application No.: US16250989
Filing Date: 2019-01-17
Applicant: SPLUNK INC.
Inventor: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
CPC classification number: H04L63/1425, H04L41/12, H04L43/045, H04L43/08, H04L43/106, H04L61/103, H04L61/15, H04L61/2007, H04L61/2015, H04L61/6022, H04L67/30
Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
-
Publication (Announcement) No.: US10237294B1
Publication (Announcement) Date: 2019-03-19
Application No.: US15420039
Filing Date: 2017-01-30
Applicant: Splunk Inc.
Inventor: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
-
Publication (Announcement) No.: US20180219879A1
Publication (Announcement) Date: 2018-08-02
Application No.: US15418464
Filing Date: 2017-01-27
Applicant: Splunk, Inc.
Inventor: John Clifton Pierce
Abstract: Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection.
-
Publication (Announcement) No.: US10693900B2
Publication (Announcement) Date: 2020-06-23
Application No.: US16250989
Filing Date: 2019-01-17
Applicant: SPLUNK INC.
Inventor: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
-
Publication (Announcement) No.: US11627149B2
Publication (Announcement) Date: 2023-04-11
Application No.: US16889486
Filing Date: 2020-06-01
Applicant: Splunk, Inc.
Inventor: John Clifton Pierce
IPC: G06F21/00, H04L9/40, H04L43/0888, H04L41/142, H04L43/0894
Abstract: Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection.
-
Publication (Announcement) No.: US11463464B2
Publication (Announcement) Date: 2022-10-04
Application No.: US16883887
Filing Date: 2020-05-26
Applicant: Splunk Inc.
Inventor: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
IPC: H04L29/06, H04L9/40, H04L43/08, H04L43/045, H04L67/30, H04L61/45, H04L61/103, H04L61/5014, H04L43/106, H04L41/12, H04L61/5007, H04L101/622
Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
-
Publication (Announcement) No.: US20200287927A1
Publication (Announcement) Date: 2020-09-10
Application No.: US16883887
Filing Date: 2020-05-26
Applicant: Splunk Inc.
Inventor: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
-
Publication (Announcement) No.: US10673870B2
Publication (Announcement) Date: 2020-06-02
Application No.: US15418464
Filing Date: 2017-01-27
Applicant: Splunk, Inc.
Inventor: John Clifton Pierce
Abstract: Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection.