专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10091227B2 Detection of potential security threats based on categorical patterns 有权
公开(公告)号：US10091227B2
公开(公告)日：2018-10-02
申请号：US15339955
申请日：2016-11-01
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F17/30
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

2. 发明申请

US20160057162A1 DETECTION OF POTENTIAL SECURITY THREATS FROM EVENT DATA 有权
标题翻译：从事件数据中检测潜在安全威胁
公开(公告)号：US20160057162A1
公开(公告)日：2016-02-25
申请号：US14929321
申请日：2015-10-31
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

3. 发明授权

US10567412B2 Security threat detection based o patterns in machine data events 有权
公开(公告)号：US10567412B2
公开(公告)日：2020-02-18
申请号：US16100147
申请日：2018-08-09
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F16/2458
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

4. 发明申请

US20180351983A1 Security Threat Detection based on Patterns in Machine Data Events 审中-公开
公开(公告)号：US20180351983A1
公开(公告)日：2018-12-06
申请号：US16100147
申请日：2018-08-09
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsely , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F17/30
CPC分类号： H04L63/1425 , G06F16/2477 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

5. 发明授权

US11134094B2 Detection of potential security threats in machine data based on pattern detection 有权
公开(公告)号：US11134094B2
公开(公告)日：2021-09-28
申请号：US16777544
申请日：2020-01-30
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55 , G06F16/2458
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

6. 发明授权

US09516046B2 Analyzing a group of values extracted from events of machine data relative to a population statistic for those values 有权
标题翻译：分析从机器数据事件中提取的一组相对于这些值的人口统计量的值
公开(公告)号：US09516046B2
公开(公告)日：2016-12-06
申请号：US14929321
申请日：2015-10-31
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式