公开(公告)号：US12099492B1

公开(公告)日：2024-09-24

申请号：US18310476

申请日：2023-05-01

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Robin Jinyang Hu ,  Marios Iliofotou ,  Amarendra Pendala

IPC: G06F16/23 ,  G06F11/34 ,  G06F16/22 ,  G06F16/27 ,  H04L67/146

CPC classification number: G06F16/2322 ,  G06F11/3409 ,  G06F16/2282 ,  G06F16/273 ,  H04L67/146

Abstract: An identify resolution system performs actions comprises a set-up process and an identity resolution process that executes asynchronously with respect to the set-up process. the set-up process includes accessing machine data including a plurality of event data objects, each event data object of the plurality of event data objects including timestamped raw machine-generated data indicative of performance or operation of one or more entities in a computer network environment. The identity resolution process ascertains the identity of an entity associated with the computer network environment, based on the association data in the data store, wherein the identity of the entity is not expressed directly in the association data in the data store.

公开(公告)号：US11675771B1

公开(公告)日：2023-06-13

申请号：US17084239

申请日：2020-10-29

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Robin Jinyang Hu ,  Marios Iliofotou ,  Amarendra Pendala

IPC: G06F16/23 ,  G06F16/22 ,  H04L67/146 ,  G06F11/34 ,  G06F16/27

CPC classification number: G06F16/2322 ,  G06F11/3409 ,  G06F16/2282 ,  G06F16/273 ,  H04L67/146

Abstract: An identify resolution system performs actions comprises a set-up process and an identity resolution process that executes asynchronously with respect to the set-up process. the set-up process includes accessing machine data including a plurality of event data objects, each event data object of the plurality of event data objects including timestamped raw machine-generated data indicative of performance or operation of one or more entities in a computer network environment. The identity resolution process ascertains the identity of an entity associated with the computer network environment, based on the association data in the data store, wherein the identity of the entity is not expressed directly in the association data in the data store.

公开(公告)号：US11949702B1

公开(公告)日：2024-04-02

申请号：US18052030

申请日：2022-11-02

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Francis E. Gerard ,  Robin Jinyang Hu ,  Marios Iliofotou ,  J. Evan Jordan ,  Amarendra Pendala ,  Sourabh Satish

IPC: H04L12/00 ,  H04L9/40 ,  H04L65/61

CPC classification number: H04L63/1425 ,  H04L65/61

Abstract: A method comprises acquiring anomaly data including a plurality of anomalies detected from streaming data, wherein each of the anomalies relates to an entity on or associated with a computer network. The method determines a risk score of each of the anomalies, and adjusts the risk score of an anomaly according to a set of factors. The method further determines, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, where the entity score corresponds to a risk level associated with the entity. An action to prevent the entity from performing an operation can be determined and caused to occur based on the entity score.

公开(公告)号：US11552974B1

公开(公告)日：2023-01-10

申请号：US17086146

申请日：2020-10-30

Applicant: Splunk Inc.

Inventor： Sumit Singh Bagga ,  Francis E. Gerard ,  Robin Jinyang Hu ,  Marios Iliofotou ,  J. Evan Jordan ,  Amarendra Pendala ,  Sourabh Satish

IPC: H04L12/00 ,  H04L9/40 ,  H04L65/61

Abstract: A method comprises acquiring anomaly data including a plurality of anomalies detected from streaming data, wherein each of the anomalies relates to an entity on or associated with a computer network. The method determines a risk score of each of the anomalies, and adjusts the risk score of an anomaly according to a set of factors. The method further determines, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, where the entity score corresponds to a risk level associated with the entity. An action to prevent the entity from performing an operation can be determined and caused to occur based on the entity score.