专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20200169579A1 DETECTION OF POTENTIAL SECURITY THREATS IN MACHINE DATA BASED ON PATTERN DETECTION 审中-公开
公开(公告)号：US20200169579A1
公开(公告)日：2020-05-28
申请号：US16777544
申请日：2020-01-30
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M. Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

2. 发明授权

US10382472B2 Graphical display of events indicating security threats in an information technology system 有权
公开(公告)号：US10382472B2
公开(公告)日：2019-08-13
申请号：US15996866
申请日：2018-06-04
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F16/28 , G06F21/55
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

3. 发明申请

US20190166146A1 Displaying Network Security Events and Investigation Activities Across Investigation Timelines 审中-公开
公开(公告)号：US20190166146A1
公开(公告)日：2019-05-30
申请号：US16264561
申请日：2019-01-31
申请人： Splunk Inc,
发明人： Vijay Chauhan , Cary Noel , Wenhui Yu , Luke Murphey , Alexander Raitz , David Hazekamp
IPC分类号： H04L29/06 , G06F17/24 , G06F21/62 , G06F16/2458 , G06F16/25 , H04L12/26 , G06F3/0484 , G06F16/248
摘要： Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

4. 发明授权

US09843598B2 Capture triggers for capturing network data 有权
公开(公告)号：US09843598B2
公开(公告)日：2017-12-12
申请号：US15421269
申请日：2017-01-31
申请人： Splunk Inc.
发明人： Vijay Chauhan , Devendra M. Badhani , Luke K. Murphey , David Hazekamp
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/0218 , H04L63/0236
摘要： The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

5. 发明申请

US20170048265A1 Detection of Potential Security Threats Based on Categorical Patterns 审中-公开
标题翻译：基于分类模式检测潜在的安全威胁
公开(公告)号：US20170048265A1
公开(公告)日：2017-02-16
申请号：US15339955
申请日：2016-11-01
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M. Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

6. 发明申请

US20160308733A1 Systems and Methods for Indicating Deployment of Application Features 审中-公开
标题翻译：指示部署应用程序功能的系统和方法
公开(公告)号：US20160308733A1
公开(公告)日：2016-10-20
申请号：US14690741
申请日：2015-04-20
申请人： Splunk Inc.
发明人： Vijay Chauhan , Liu-Yuan Lai , Wenhui Yu , Luke Murphey , David Hazekamp
IPC分类号： H04L12/24 , H04L29/08
CPC分类号： H04L67/02 , H04L67/34 , H04L67/36
摘要： Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.
摘要翻译：提供了用于指示部署应用程序功能的系统和方法。在一个实施例中，提供了一种方法，其包括确定用于从数据系统的一个或多个数据源接收机器生成的数据的应用的当前部署的可用特征，确定应用的当前部署的未部署的特征，其中未部署的特征包括被配置为使用来自数据源的输入数据的一个或多个可用特征，并且其中所述输入数据对所述应用的当前部署中的所述特征不可用，并且导致展开图形用户界面（GUI），其包括未部署的特征的指示。

7. 发明申请

US20160182546A1 Identifying Possible Security Threats Using Event Group Summaries 有权
标题翻译：使用事件组摘要识别可能的安全威胁
公开(公告)号：US20160182546A1
公开(公告)日：2016-06-23
申请号：US15056999
申请日：2016-02-29
申请人： Splunk Inc.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
摘要翻译：所公开的计算机实现的方法包括接收和索引原始数据。索引包括将原始数据划分为包含与计算机或网络安全相关的信息的时间戳搜索事件。将索引数据存储在索引数据存储中，并使用模式从索引数据中的字段中提取值。搜索提取的字段值以获取安全信息。使用安全信息确定一组安全事件。每个安全事件都包括由条件指定的字段值。提供包括安全事件组的摘要，安全事件的其他摘要和删除元素（与摘要相关联）的图形界面（GI）。接收与删除元素的交互相对应的输入。与删除元素进行交互会导致摘要从GI中移除。更新GI以从GI中删除摘要。

8. 发明申请

US20160127401A1 CAPTURE TRIGGERS FOR CAPTURING NETWORK DATA 有权
标题翻译：捕获网络数据的捕获触发器
公开(公告)号：US20160127401A1
公开(公告)日：2016-05-05
申请号：US14528918
申请日：2014-10-30
申请人： Splunk Inc.
发明人： Vijay Chauhan , Devendra M. Badhani , Luke K. Murphey , David Hazekamp
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/0218 , H04L63/0236
摘要： The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.
摘要翻译：所公开的实施例提供了有助于网络数据的处理的系统。在运行期间，系统提供一种风险识别机制，用于从由分布在网络上的一个或多个远程捕获代理捕获的网络分组产生的时间序列事件数据中识别安全风险。接下来，系统提供捕获触发器，用于基于安全风险从一个或多个远程捕获代理上的网络分组生成附加的时间序列事件数据，其中附加的时间序列事件数据包括一个或多个事件属性。

9. 发明授权

US09276946B2 Blacklisting and whitelisting of security-related events 有权
标题翻译：将安全相关事件列入黑名单并列出白名单
公开(公告)号：US09276946B2
公开(公告)日：2016-03-01
申请号：US14280311
申请日：2014-05-16
申请人： Splunk Inc.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
摘要翻译：所公开的计算机实现的方法包括接收和索引原始数据。索引包括将原始数据划分为包含与计算机或网络安全相关的信息的时间戳搜索事件。将索引数据存储在索引数据存储中，并使用模式从索引数据中的字段中提取值。搜索提取的字段值以获取安全信息。使用安全信息确定一组安全事件。每个安全事件都包括由条件指定的字段值。提供包括安全事件组的摘要，安全事件的其他摘要和删除元素（与摘要相关联）的图形界面（GI）。接收与删除元素的交互相对应的输入。与删除元素进行交互会导致摘要从GI中移除。更新GI以从GI中删除摘要。

10. 发明申请

US20160019316A1 WIZARD FOR CREATING A CORRELATION SEARCH 审中-公开
标题翻译：创建关联搜索的向导
公开(公告)号：US20160019316A1
公开(公告)日：2016-01-21
申请号：US14448081
申请日：2014-07-31
申请人： Splunk Inc.
发明人： Lucas Murphey , David Hazekamp
IPC分类号： G06F17/30
CPC分类号： G06F16/90335 , G06F16/9032
摘要： One or more processing devices provide a wizard for generating a correlation search, the wizard facilitating user input of (i) one or more search criteria for a search query of the correlation search, (ii) a triggering condition to be applied to a dataset produced by the search query, and (iii) one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, and causing generation of the correlation search based on the user input.
摘要翻译：一个或多个处理设备提供用于生成相关搜索的向导，所述向导促进用户输入（i）用于搜索查询的相关搜索的一个或多个搜索条件，（ii）要应用于产生的数据集的触发条件通过搜索查询，以及（iii）当由搜索查询产生的数据集满足触发条件时要执行的一个或多个动作，并且基于用户输入产生相关搜索。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式