专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US11178167B2 Graphical display suppressing events indicating security threats in an information technology system 有权
公开(公告)号：US11178167B2
公开(公告)日：2021-11-16
申请号：US16526354
申请日：2019-07-30
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F16/28 , G06F21/55
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

12. 发明授权

US11134094B2 Detection of potential security threats in machine data based on pattern detection 有权
公开(公告)号：US11134094B2
公开(公告)日：2021-09-28
申请号：US16777544
申请日：2020-01-30
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F16/2458
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

13. 发明申请

US20190356690A1 GRAPHICAL DISPLAY SUPPRESSING EVENTS INDICATING SECURITY THREATS IN AN INFORMATION TECHNOLOGY SYSTEM 审中-公开
公开(公告)号：US20190356690A1
公开(公告)日：2019-11-21
申请号：US16526354
申请日：2019-07-30
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F21/55 , G06F16/28
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

14. 发明申请

US20190124105A1 CONFIGURING THE GENERATION OF ADDITIONAL TIME-SERIES EVENT DATA BY REMOTE CAPTURE AGENTS 审中-公开
公开(公告)号：US20190124105A1
公开(公告)日：2019-04-25
申请号：US16228509
申请日：2018-12-20
申请人： Splunk Inc.
发明人： Vijay Chauhan , Devendra M. Badhani , Luke K. Murphey , David Hazekamp
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/0218 , H04L63/0236
摘要： The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

15. 发明授权

US10250628B2 Storyboard displays of information technology investigative events along a timeline 有权
公开(公告)号：US10250628B2
公开(公告)日：2019-04-02
申请号：US15799906
申请日：2017-10-31
申请人： Splunk Inc
发明人： Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC分类号： H04L29/06 , G06F17/24 , G06F17/30 , G06F21/62 , H04L12/26 , G06F3/0484
摘要： Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

16. 发明申请

US20180351990A1 GRAPHICAL DISPLAY OF EVENTS INDICATING SECURITY THREATS IN AN INFORMATION TECHNOLOGY SYSTEM 审中-公开
公开(公告)号：US20180351990A1
公开(公告)日：2018-12-06
申请号：US15996866
申请日：2018-06-04
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F21/55 , G06F17/30
CPC分类号： H04L63/1433 , G06F16/285 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

17. 发明申请

US20180091528A1 CONFIGURING MODULAR ALERT ACTIONS AND REPORTING ACTION PERFORMANCE INFORMATION 审中-公开
公开(公告)号：US20180091528A1
公开(公告)日：2018-03-29
申请号：US15276756
申请日：2016-09-26
申请人： Splunk Inc.
发明人： Banipal Shahbaz , Siri Atma Oaklander De Licori , John Robert Coates , David Hazekamp , Devendra Badhani , Luke Murphey , Patrick Schulz
IPC分类号： H04L29/06
摘要： Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.

18. 发明申请

US20170142146A1 CAPTURE TRIGGERS FOR CAPTURING NETWORK DATA 有权
公开(公告)号：US20170142146A1
公开(公告)日：2017-05-18
申请号：US15421269
申请日：2017-01-31
申请人： Splunk Inc.
发明人： Vijay Chauhan , Devendra M. Badhani , Luke K. Murphey , David Hazekamp
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/0218 , H04L63/0236
摘要： The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

19. 发明授权

US09516052B1 Timeline displays of network security investigation events 有权
标题翻译：时间线显示网络安全调查事件
公开(公告)号：US09516052B1
公开(公告)日：2016-12-06
申请号：US14815981
申请日：2015-08-01
申请人： Splunk Inc.
发明人： Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC分类号： H04L29/06 , G06F17/30 , G06F3/0484 , G06F17/24 , H04L12/26
CPC分类号： H04L63/1425 , G06F3/0484 , G06F17/241 , G06F17/30551 , G06F17/30554 , G06F17/30557 , G06F21/629 , G06F2221/2151 , H04L43/06
摘要： Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
摘要翻译：公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

20. 发明授权

US09516046B2 Analyzing a group of values extracted from events of machine data relative to a population statistic for those values 有权
标题翻译：分析从机器数据事件中提取的一组相对于这些值的人口统计量的值
公开(公告)号：US09516046B2
公开(公告)日：2016-12-06
申请号：US14929321
申请日：2015-10-31
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式