-
Publication No.: US11494381B1
Publication date: 2022-11-08
Application No.: US17163308
Filing date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Kyle Champlin , Cory Chen , Patrick Schulz , Jason Szeto
IPC: G06F16/2455 , G06F3/14 , G06F16/248
Abstract: A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.
-
Publication No.: US12197442B1
Publication date: 2025-01-14
Application No.: US17937902
Filing date: 2022-10-04
Applicant: Splunk Inc.
Inventor: Kyle Champlin , Cory Chen , Patrick Schulz , Jason Szeto
IPC: G06F16/24 , G06F3/14 , G06F16/2455 , G06F16/248
Abstract: A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.
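The two abstracts above (US11494381B1 and its continuation US12197442B1) describe one mechanism: a module ships an event type definition, a first tag that routes events of that type into a data model, and a second tag that marks them as cloud data; a search that requires both tags is then narrowed further by the data model's own constraint. The following is an added example, not Splunk's code or the patent's implementation, that models that mechanism in plain Python so the effect of requiring both tags is visible. The class names, the `authentication` and `cloud` tag names, the `Authentication` data model, the sourcetype strings and the sample events are all assumptions constructed for the example.

```python
# Added example (not Splunk's code): a toy model of the event-type / tag /
# data-model mechanism described in the abstracts above. Class and tag names
# are assumptions; the sample events are constructed.
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set

Event = Dict[str, str]


@dataclass(frozen=True)
class EventTypeDefinition:
    """Selects raw events by predicate and names the tags to attach to them."""
    name: str
    matches: Callable[[Event], bool]
    tags: FrozenSet[str]


@dataclass(frozen=True)
class DataModel:
    """A data model is reached through one tag and adds its own search constraint."""
    name: str
    tag: str
    constraint: Callable[[Event], bool]


@dataclass
class StoredEvent:
    raw: Event
    tags: Set[str]


class IntakeAndQuerySystem:
    """Stores ingested events together with the tags their event types assign."""

    def __init__(self) -> None:
        self.repository: List[StoredEvent] = []
        self.event_types: List[EventTypeDefinition] = []

    def install_module(self, event_types: List[EventTypeDefinition]) -> None:
        self.event_types.extend(event_types)

    def ingest(self, raw: Event) -> StoredEvent:
        tags: Set[str] = set()
        for event_type in self.event_types:
            if event_type.matches(raw):
                tags |= event_type.tags
        stored = StoredEvent(raw, tags)
        self.repository.append(stored)
        return stored

    def search(self, required_tags: Set[str], model: DataModel) -> List[StoredEvent]:
        """tag=A tag=B ... narrowed further by the data model's own constraint."""
        return [e for e in self.repository
                if required_tags <= e.tags and model.constraint(e.raw)]


# Hypothetical data model: reached via tag "authentication", constrained to login outcomes.
AUTHENTICATION = DataModel(
    name="Authentication", tag="authentication",
    constraint=lambda e: e.get("action") in ("success", "failure"))

# Hypothetical module: one event type carries both tags (first tag -> data model,
# second tag -> cloud data); the others carry only one, so they must not be returned.
CLOUD_AUTH_MODULE = [
    EventTypeDefinition(
        "aws_console_login",
        lambda e: e.get("sourcetype") == "aws:cloudtrail" and e.get("eventName") == "ConsoleLogin",
        frozenset({"authentication", "cloud"})),
    EventTypeDefinition(
        "aws_s3_access",
        lambda e: e.get("sourcetype") == "aws:s3:accesslogs",
        frozenset({"cloud"})),
    EventTypeDefinition(
        "sshd_login",
        lambda e: e.get("sourcetype") == "linux_secure",
        frozenset({"authentication"})),
]

# Constructed sample events: three cloud logins, one non-login cloud API call,
# one cloud storage access, one on-premises ssh login.
SAMPLE_EVENTS: List[Event] = [
    {"sourcetype": "aws:cloudtrail", "eventName": "ConsoleLogin", "user": "alice", "action": "success"},
    {"sourcetype": "aws:cloudtrail", "eventName": "ConsoleLogin", "user": "bob", "action": "failure"},
    {"sourcetype": "aws:cloudtrail", "eventName": "ConsoleLogin", "user": "bob", "action": "failure"},
    {"sourcetype": "aws:cloudtrail", "eventName": "DescribeInstances", "user": "alice", "action": "success"},
    {"sourcetype": "aws:s3:accesslogs", "user": "svc-backup", "action": "failure"},
    {"sourcetype": "linux_secure", "user": "bob", "action": "failure"},
]


def search_cloud_authentication(events: List[Event] = SAMPLE_EVENTS) -> List[StoredEvent]:
    """Ingest the events, then run the two-tag search against the Authentication model."""
    system = IntakeAndQuerySystem()
    system.install_module(CLOUD_AUTH_MODULE)
    for raw in events:
        system.ingest(raw)
    return system.search({AUTHENTICATION.tag, "cloud"}, AUTHENTICATION)


def cloud_auth_failures_by_user(events: List[Event] = SAMPLE_EVENTS) -> Dict[str, int]:
    """The data behind the visualization: failed cloud logins per user."""
    hits = search_cloud_authentication(events)
    return dict(Counter(e.raw["user"] for e in hits if e.raw["action"] == "failure"))


if __name__ == "__main__":
    print(cloud_auth_failures_by_user())
```

Only the three `ConsoleLogin` events survive: the ssh login carries the data-model tag but not the cloud tag, the S3 access carries the cloud tag but not the data-model tag, and the `DescribeInstances` call matches no event type at all, so the data model's `action` constraint alone would not have excluded it.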
-
Publication No.: US20220141188A1
Publication date: 2022-05-05
Application No.: US17213864
Filing date: 2021-03-26
Applicant: Splunk Inc.
Inventor: James Apger , Kyle Champlin
Abstract: Described herein is a technique of data reduction and focusing for system and network security. Anomaly alerts pertain to specific risk objects, which are the network devices or users that triggered the associated anomaly. Threat objects are entities used by the risk object that embody the specific activity of the risk object that triggered the anomaly. Once identified, threat objects are linked to the risk objects to which they respectively pertain. The link between a risk object and a threat object is generated via searchable metadata. Through linking, relationships are built between threat objects and risk objects. Links are between a number (N) of risk objects and a number (M) of threat objects. The relationships are surfaced to a user based on satisfaction of predetermined thresholds. Examples of display to the user may include generation of a threat report, anomaly alerts, or graphical presentations depicting the links in the relationship(s). Where alerts are limited (via searches or reports) to relationships between threat objects and risk objects that are of a predetermined character, the excessive amount of data is reduced to a manageable number of notices.
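The abstract above describes linking each anomaly alert to a risk object (the device or user) and a threat object (the entity it used), then surfacing only the risk objects whose accumulated links cross a threshold. The following is an added example, not Splunk's code or the patent's implementation, that runs that reduction over a handful of constructed anomalies: it builds the (risk object, threat object) links, aggregates score and distinct threat objects per risk object, applies the thresholds, and also inverts the N:M relationship to find threat objects shared by several risk objects. The rule names, scores, thresholds and sample anomalies are all assumptions constructed for the example.

```python
# Added example (not Splunk's code): linking anomaly alerts into risk-object /
# threat-object relationships and surfacing only the ones above thresholds.
# Rule names, scores, thresholds and the sample anomalies are constructed.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Anomaly:
    """One anomaly alert, already carrying its risk object and threat object."""
    rule: str
    risk_object: str    # device or user that triggered the anomaly
    threat_object: str  # entity the risk object used: process, domain, IP, ...
    score: int


# Constructed sample anomalies: N risk objects linked to M threat objects, with
# one threat object (203.0.113.5) shared by two risk objects.
SAMPLE_ANOMALIES: List[Anomaly] = [
    Anomaly("encoded_powershell", "host-17", "powershell.exe", 30),
    Anomaly("rare_dns_domain", "host-17", "evil-cdn.example", 20),
    Anomaly("beaconing_outbound", "host-17", "203.0.113.5", 40),
    Anomaly("lolbin_download", "host-3", "certutil.exe", 25),
    Anomaly("lolbin_download", "host-3", "certutil.exe", 25),
    Anomaly("beaconing_outbound", "host-3", "203.0.113.5", 15),
    Anomaly("failed_login_burst", "alice", "203.0.113.77", 10),
]

Link = Tuple[str, str]  # (risk_object, threat_object): the searchable metadata link


def link_anomalies(anomalies: List[Anomaly]) -> Dict[Link, List[Anomaly]]:
    """Group anomalies under the (risk_object, threat_object) link they evidence."""
    links: Dict[Link, List[Anomaly]] = defaultdict(list)
    for a in anomalies:
        links[(a.risk_object, a.threat_object)].append(a)
    return dict(links)


def surface_risk_objects(anomalies: List[Anomaly], min_score: int, min_threats: int) -> List[dict]:
    """Per risk object: total score and distinct threat objects; keep those meeting both thresholds."""
    score: Dict[str, int] = defaultdict(int)
    threats: Dict[str, Set[str]] = defaultdict(set)
    rules: Dict[str, Set[str]] = defaultdict(set)
    for (risk, threat), evidence in link_anomalies(anomalies).items():
        threats[risk].add(threat)
        for a in evidence:
            score[risk] += a.score
            rules[risk].add(a.rule)
    report = [
        {"risk_object": risk, "score": score[risk],
         "threat_objects": sorted(threats[risk]), "rules": sorted(rules[risk])}
        for risk in score
        if score[risk] >= min_score and len(threats[risk]) >= min_threats
    ]
    return sorted(report, key=lambda r: r["score"], reverse=True)


def shared_threat_objects(anomalies: List[Anomaly], min_risk_objects: int = 2) -> Dict[str, List[str]]:
    """Threat objects touched by several risk objects: the M side of the N:M relationship."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for risk, threat in link_anomalies(anomalies):
        seen[threat].add(risk)
    return {t: sorted(r) for t, r in seen.items() if len(r) >= min_risk_objects}


if __name__ == "__main__":
    for entry in surface_risk_objects(SAMPLE_ANOMALIES, min_score=60, min_threats=2):
        print(entry)
    print(shared_threat_objects(SAMPLE_ANOMALIES))
```

With a score threshold of 60 and a requirement of at least two distinct threat objects, seven alerts collapse to two notices (`host-17` and `host-3`); the single failed-login burst for `alice` never surfaces on its own. Requiring distinct threat objects rather than raw alert count is what keeps `host-3`'s two identical `certutil.exe` alerts from counting as two pieces of evidence.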