专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

US20150040225A1 BLACKLISTING AND WHITELISTING OF SECURITY-RELATED EVENTS 有权
标题翻译：安全相关活动的黑名单和白名单
公开(公告)号：US20150040225A1
公开(公告)日：2015-02-05
申请号：US14280311
申请日：2014-05-16
申请人： Splunk Inc.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
摘要翻译：所公开的计算机实现的方法包括接收和索引原始数据。索引包括将原始数据划分为包含与计算机或网络安全相关的信息的时间戳搜索事件。将索引数据存储在索引数据存储中，并使用模式从索引数据中的字段中提取值。搜索提取的字段值以获取安全信息。使用安全信息确定一组安全事件。每个安全事件都包括由条件指定的字段值。提供包括安全事件组的摘要，安全事件的其他摘要和删除元素（与摘要相关联）的图形界面（GI）。接收与删除元素的交互相对应的输入。与删除元素进行交互会导致摘要从GI中移除。更新GI以从GI中删除摘要。

52. 发明申请

US20220300522A1 GENERATING A CORRELATION SEARCH 有权
公开(公告)号：US20220300522A1
公开(公告)日：2022-09-22
申请号：US17833816
申请日：2022-06-06
申请人： Splunk Inc.
发明人： Lucas Murphey , David Hazekamp
IPC分类号： G06F16/2457 , G06F16/951 , G06F16/23 , G06F16/2458 , G06F16/2455 , G06F16/22 , G06F16/215
摘要： Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method includes causing display of a user interface for generating a correlation search, the correlation search comprising a search query, a triggering condition to be applied to a dataset produced by the search query, and one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, wherein the one or more actions comprise at least modifying a score assigned to an object to which the dataset produced by the search query pertains. The example method also includes receiving, via the user interface, user input identifying the one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, the one or more actions comprising modifying the score assigned to the object, and causing generation of the correlation search based on the user input, the correlation search reflecting an association between the one or more actions and the triggering condition.

53. 发明授权

US11363047B2 Generating investigation timeline displays including activity events and investigation workflow events 有权
公开(公告)号：US11363047B2
公开(公告)日：2022-06-14
申请号：US17018360
申请日：2020-09-11
申请人： Splunk Inc.
发明人： Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC分类号： H04L9/40 , G06F3/0484 , G06F16/25 , G06F16/248 , G06F16/2458 , H04L43/026 , G06F40/169 , G06F21/62 , H04L43/06
摘要： Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

54. 发明授权

US11354322B2 Creating a correlation search 有权
公开(公告)号：US11354322B2
公开(公告)日：2022-06-07
申请号：US16715015
申请日：2019-12-16
申请人： Splunk Inc.
发明人： Lucas Murphey , David Hazekamp
IPC分类号： G06F16/20 , G06F16/2457 , G06F16/951 , G06F16/23 , G06F16/2458 , G06F16/2455 , G06F16/22 , G06F16/215
摘要： Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise providing an interface for generating a correlation search, the interface facilitating user input of (i) one or more search criteria for a search query of the correlation search, (ii) a triggering condition to be applied to a dataset produced by the search query, and (iii) one or more actions to be performed when the dataset produced by search query satisfies the triggering condition, wherein the one or more actions comprise at least modifying a score assigned to an object to which the dataset produced by the search query pertains, and causing generation of the correlation search based on the user input.

55. 发明授权

US11288283B2 Identifying metrics related to data ingestion associated with a defined time period 有权
公开(公告)号：US11288283B2
公开(公告)日：2022-03-29
申请号：US16394733
申请日：2019-04-25
申请人： SPLUNK INC.
发明人： Vijay Chauhan , Banipal Shahbaz , David Hazekamp
IPC分类号： G06F16/26 , G06F16/22 , G06F16/901
摘要： A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

56. 发明授权

US10860655B2 Creating and testing a correlation search 有权
公开(公告)号：US10860655B2
公开(公告)日：2020-12-08
申请号：US15688323
申请日：2017-08-28
申请人： Splunk Inc.
发明人： Lucas Murphey , David Hazekamp
IPC分类号： G06F17/00 , G06F16/903 , G06F16/9032 , G06F16/906 , G06F16/907 , G06F17/30
摘要： One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each comprise a portion of raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be applied to a dataset that is produced by the search query, receive a definition of one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, test the search query with the triggering condition, and cause, based on results of the testing, generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising search processing language having the search query and a processing command for criteria on which the triggering condition is based.

57. 发明授权

US10817544B2 Scaling available storage based on counting generated events 有权
公开(公告)号：US10817544B2
公开(公告)日：2020-10-27
申请号：US14701301
申请日：2015-04-30
申请人： Splunk Inc.
发明人： Vijay Chauhan , Banipal Shahbaz , David Hazekamp
IPC分类号： G06F16/28 , G06F16/22 , G06F16/2458
摘要： A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

58. 发明授权

US10735492B2 Reporting un-deployed application features 有权
公开(公告)号：US10735492B2
公开(公告)日：2020-08-04
申请号：US16397434
申请日：2019-04-29
申请人： SPLUNK INC.
发明人： Vijay Chauhan , Liu-Yuan Lai , Wenhui Yu , Luke Murphey , David Hazekamp
IPC分类号： H04L29/08 , G06F8/60 , G06F8/61
摘要： Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

59. 发明授权

US10567412B2 Security threat detection based o patterns in machine data events 有权
公开(公告)号：US10567412B2
公开(公告)日：2020-02-18
申请号：US16100147
申请日：2018-08-09
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F16/2458
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

60. 发明申请

US20190251095A1 IDENTIFYING METRICS RELATED TO DATA INGESTION ASSOCIATED WITH A DEFINED TIME PERIOD 审中-公开
公开(公告)号：US20190251095A1
公开(公告)日：2019-08-15
申请号：US16394733
申请日：2019-04-25
申请人： SPLUNK INC.
发明人： Vijay Chauhan , Banipal Shahbaz , David Hazekamp
IPC分类号： G06F16/26 , G06F16/22 , G06F16/901
CPC分类号： G06F16/26 , G06F16/22 , G06F16/901 , G06Q2220/18
摘要： A data intake and query system measures an amount of raw data ingested by the system during defined periods of time. As used herein, ingesting raw data generally refers to receiving the raw data from one or more computing devices and processing the data for storage and searchability. Processing the data may include, for example, parsing the raw data into “events,” where each event includes a portion of the received data and is associated with a timestamp. Based on a calculated number of events generated by the system during one or more defined time periods, the system may calculate various metrics including, but not limited to, a number of events generated during a particular day, a number of events generated per day over a period of time, a maximum number of events generated in a day over a period of time, an average number of events generated per day, etc.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式