公开(公告)号：US20210250373A1

公开(公告)日：2021-08-12

申请号：US17242165

申请日：2021-04-27

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F16/28 ,  G06F21/55 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20210326032A1

公开(公告)日：2021-10-21

申请号：US17358777

申请日：2021-06-25

Applicant: Splunk Inc.

Inventor： Timur CATAKLI ,  Sourabh SATISH

IPC: G06F3/0484 ,  G06F16/25 ,  G06F9/451 ,  G06F3/0482

Abstract: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application. Among other benefits, the ability to generate and provide popular interface profiles can help analysts and other users more efficiently investigate and respond to a wide variety of incidents within IT environments, thereby improving the operation and security of those environments.

公开(公告)号：US20220247784A1

公开(公告)日：2022-08-04

申请号：US17163318

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Min XU ,  Yang LI ,  Yan LI

IPC: H04L29/06 ,  H04L12/24

Abstract: Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins.

公开(公告)号：US20230388338A1

公开(公告)日：2023-11-30

申请号：US18228982

申请日：2023-08-01

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L9/40 ,  G06F21/55 ,  G06F16/28

CPC classification number: H04L63/1441 ,  H04L63/20 ,  H04L63/1416 ,  G06F21/554 ,  G06F16/285 ,  H04L63/1433 ,  H04L63/0236 ,  H04L63/1425 ,  H04L47/2425

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20210258340A1

公开(公告)日：2021-08-19

申请号：US17306703

申请日：2021-05-03

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US20190007448A1

公开(公告)日：2019-01-03

申请号：US16107972

申请日：2018-08-21

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F17/30 ,  G06F21/55

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L47/2425 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

公开(公告)号：US20240348644A1

公开(公告)日：2024-10-17

申请号：US18754090

申请日：2024-06-25

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L9/40 ,  G06F16/28 ,  G06F21/55 ,  H04L47/2425

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20 ,  H04L47/2425

Abstract: Aspects described herein provide security actions based on a current state of a security threat. In one example, a computer-implemented method includes identifying a security threat within a computing environment comprising a plurality of computing assets. The method further includes obtaining state information for the security threat within the computing environment from computing assets of the plurality of computing assets in the computing environment. The method further includes determining a current state for the security threat within the computing environment based on the state information. The method further includes obtaining enrichment information for the security threat that relates kill-state information to an identity of the security threat. The method further includes determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20200287930A1

公开(公告)日：2020-09-10

申请号：US16736120

申请日：2020-01-07

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20190020677A1

公开(公告)日：2019-01-17

申请号：US16107979

申请日：2018-08-21

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F17/30 ,  G06F21/55

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

公开(公告)号：US20190014144A1

公开(公告)日：2019-01-10

申请号：US16107975

申请日：2018-08-21

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Oliver FRIEDRICHS ,  Atif MAHADIK ,  Govind SALINAS

IPC: H04L29/06 ,  G06F17/30 ,  G06F21/55

CPC classification number: H04L63/1441 ,  G06F16/285 ,  G06F21/554 ,  H04L47/2425 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.