-
公开(公告)号:US11593477B1
公开(公告)日:2023-02-28
申请号:US16779465
申请日:2020-01-31
申请人: Splunk Inc.
发明人: Vadan Thimmegowda , Sourabh Satish , Tejas Wanjari
摘要: Techniques are described that enable an IT and security operations application to prioritize the processing of selected events for a defined period of time. Data is obtained reflecting activity within an IT environment, wherein the data includes a plurality of events each representing an occurrence of activity within the IT environment. A severity level is assigned to each event of the plurality of events, where the events are processed by the IT and security operations application in an order that is based at least in part on the severity level assigned to each event. Input is received identifying at least one event of the plurality of events for expedited processing to obtain a set of expedited events, and the identified events are processed by the IT and security operations application before processing events that are not in the set of expedited events.
-
公开(公告)号:US11416561B1
公开(公告)日:2022-08-16
申请号:US16429044
申请日:2019-06-02
申请人: Splunk Inc.
发明人: Sourabh Satish , David Wayman , Kavita Varadarajan
IPC分类号: G06F16/906 , H04L9/40 , G06F16/907 , G06F16/9038 , G06F16/11 , G06F3/0482
摘要: Techniques are described for enabling analysts and other users of an IT operations platform to identify certain data objects managed by the platform (for example, events, files, notes, actions results, etc.) as “evidence” when such data objects are believed to be of particular significance to an investigation or other matter. For example, an event generated based on data ingested from an anti-virus service and representing a security-related incident might include artifacts indicating an asset identifier, a hash value of a suspected malicious file, a file path on the infected endpoint, and so forth. An analyst can use various interfaces and interface elements of an IT operations platform to indicate which of such events and/or artifacts, if any, represent evidence in the context of the investigation that the analyst is conducting. In response, the IT operations platform can perform various automated actions.
-
公开(公告)号:US11218357B1
公开(公告)日:2022-01-04
申请号:US16120010
申请日:2018-08-31
申请人: Splunk Inc.
摘要: Described herein are systems, methods, and software to enhance incident response for an information technology (IT) environment. In one implementation, an incident service identifies an incident in the IT environment and determines a correlation between the incident and other incidents in the IT environment. Once correlated, the incident service aggregates incident data of the incident with incident data of the other incidents and generates a summary using the aggregated incident data.
-
4.发明申请公开(公告)号:US20210385123A1
公开(公告)日:2021-12-09
申请号:US17407738
申请日:2021-08-20
申请人: Splunk Inc.
摘要: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
公开(公告)号:US11190539B2
公开(公告)日:2021-11-30
申请号:US16699299
申请日:2019-11-29
申请人: Splunk Inc.
IPC分类号: H04L29/06 , G06F21/55 , G06F16/28 , H04L12/851
摘要: Systems, methods, and software described herein provide for managing service level agreements (SLAs) for security incidents in a computing environment. In one example, an advisement system identifies a rule set for a security incident based on enrichment information obtained for the security incident, wherein the rule set is associated with action recommendations to be taken against the incident. The advisement system further identifies a default SLA for the security incident based on the rule set, and obtains environmental characteristics related to the security incident. Based on the environmental characteristics, the advisement system determines a modified SLA for the security incident.
-
公开(公告)号:US20210314347A1
公开(公告)日:2021-10-07
申请号:US17185612
申请日:2021-02-25
申请人: Splunk Inc.
摘要: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
-
公开(公告)号:US20210281601A1
公开(公告)日:2021-09-09
申请号:US17326070
申请日:2021-05-20
申请人: Splunk Inc.
摘要: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.
-
公开(公告)号:US11061548B1
公开(公告)日:2021-07-13
申请号:US16657995
申请日:2019-10-18
申请人: Splunk Inc.
发明人: Timur Catakli , Sourabh Satish
IPC分类号: G06F3/048 , G06F3/0484 , G06F3/0482 , G06F16/25 , G06F9/451
摘要: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application. Among other benefits, the ability to generate and provide popular interface profiles can help analysts and other users more efficiently investigate and respond to a wide variety of incidents within IT environments, thereby improving the operation and security of those environments.
-
9.发明授权公开(公告)号:US10936488B1
公开(公告)日:2021-03-02
申请号:US16119773
申请日:2018-08-31
申请人: Splunk Inc.
IPC分类号: G06F11/07 , G06F12/0804
摘要: Described herein are systems, methods, and software to improve incident response in an information technology (IT) environment. In one example, an incident service executes a course of action with one or more actions to respond to an incident in the IT environment. During execution, the incident service identifies a request to obtain data from an external service outside of the IT environment and determines whether the data is cached in a data store for the IT environment. If cached, the incident service obtains the data for the action from the data store. In contrast, if the data is not cached, the incident service obtains the data for the action from the external service.
-
公开(公告)号:US10904295B2
公开(公告)日:2021-01-26
申请号:US16817070
申请日:2020-03-12
申请人: Splunk Inc.
摘要: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.
-
-
-
-
-
-
-
-
-
搜索结果
63 条记录 (耗时 0.035 秒)