-
Publication No.: US12164889B1
Publication Date: 2024-12-10
Application No.: US18539646
Application Date: 2023-12-14
Applicant: Splunk Inc.
Inventor: Matthew Hanson, Sydney Flak, Colin Fagan, Jeffery Roberts, Govinda Salinas, Philip Royer
Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to various types of incidents or operational issues that arise from time to time in IT environments.
-
Publication No.: US12164565B2
Publication Date: 2024-12-10
Application No.: US18190519
Application Date: 2023-03-27
Applicant: Splunk Inc.
Inventor: Ram Sriharsha, Kristal Lyn Curtis, Iryna Vogler-Ivashchanka, Clark Eugene Mullen
IPC: G06F16/23, G06F9/38, G06F9/54, G06F16/14, G06F16/16, G06F16/22, G06F16/242, G06F16/2453, G06F16/2455, G06F16/2458, G06F16/28, G06F16/901, G06F17/16, G06F17/18, G06F18/21, G06F18/214, G06N20/00, G06N20/20
Abstract: Systems and methods are described for processing ingested data in an asynchronous manner as the data is being ingested to detect potential anomalies. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and optionally update a characteristic of the data pattern to which the comparable data structure is assigned. The streaming data processor(s) can perform these operations automatically in real-time or in periodic batches. Once one or more comparable data structures have been assigned to one or more data patterns, the streaming data processor(s) can analyze the comparable data structures assigned to a particular data pattern to determine whether any of the comparable data structures appear to be anomalous.
-
Publication No.: US12164524B2
Publication Date: 2024-12-10
Application No.: US18304770
Application Date: 2023-04-21
Applicant: Splunk Inc.
Inventor: Sanjeev Kulkarni, Boyang Peng, Karthikeyan Ramasamy, Poornima Devaraj
IPC: G06F16/22, G06F16/242, G06F16/2455, G06F16/248, H04L45/741, H04L49/00, H04L49/90, H04L49/9005
Abstract: Systems and methods are described for customizable data streams in a streaming data processing system. Routing criteria for the customizable data streams are defined by a user, an automated process, or any other process. The routing criteria can be defined using graphical controls. The streaming data processing system uses the routing criteria to determine data that should be used to populate a particular data stream. Further, processing pipelines are customized such that a particular processing pipeline can obtain data from a particular user defined data stream and write data to a particular user defined data stream. Data is routed through the user defined data streams and customized processing pipelines based on a data route. A data route for a set of data may include multiple user defined data streams and multiple processing pipelines. The data route can include a loop of processing pipelines and data streams.
-
Publication No.: US12155678B1
Publication Date: 2024-11-26
Application No.: US17526893
Application Date: 2021-11-15
Applicant: SPLUNK INC.
Inventor: Camille Gaspard
Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities. Advantageously, by detecting discrepancies between activities initiated by the client and activities performed by the cloud provider, the discrepancy detection application automatically detects any leaked authorization keys and minimizes resulting damages incurred by the client.
-
Publication No.: US12141426B1
Publication Date: 2024-11-12
Application No.: US16528462
Application Date: 2019-07-31
Applicant: SPLUNK INC.
Inventor: Devin Bhushan, Jesse Chor, Sammy Lee, Glen Wong
IPC: G06F3/04847, G06F16/953, H04L41/22
Abstract: A mobile device is fitted with an extended reality (XR) software application program executing on a processor within an XR system, and optionally a camera. Via the XR software application program, various techniques are performed for interacting with a physical object via the XR environment, in particular modifying, for example, a state or a parameter or operations of the object. In a technique, the XR software application program facilitates directing a physical computing system or device to perform certain actions associated with a physical object.
-
Publication No.: US12141040B1
Publication Date: 2024-11-12
Application No.: US17827526
Application Date: 2022-05-27
Applicant: Splunk Inc.
Inventor: Sayantan Bhattacharyya, Wendi Qiu, How Yin Tan, Amritpal Singh Bath, Iuri Chaer
Abstract: A computer-implemented method of providing for dynamic cluster manager failover includes routing data traffic associated with managing network components in a cluster to an active cluster manager, where the active cluster manager manages a plurality of network components in the cluster. The method also includes transmitting periodic heartbeat request messages from a standby cluster manager to the active cluster manager. Further, the method includes detecting a loss of heartbeat response messages from the active cluster manager, where the heartbeat response messages are transmitted from the standby cluster manager to the active cluster manager in response to the periodic heartbeat request messages. The method also includes promoting the standby cluster manager to an active role and re-routing the data traffic associated with managing the network components to the currently active cluster manager.
-
Publication No.: US12136174B1
Publication Date: 2024-11-05
Application No.: US17497778
Application Date: 2021-10-08
Applicant: Splunk Inc.
Inventor: Jesse Chor, Michael Emery, Christopher Chan, Glen Wong, Devin Bhushan
IPC: G06T19/00, G06F3/04815, G06K19/06, G06V20/20
Abstract: A mobile device that includes a camera and an extended reality software application program is employed by a user in an operating environment, such as an industrial environment. The user aims the camera within the mobile device at optical data markers, such as QR codes, that are associated with machines in the environment. The mobile device acquires an image from the camera and decodes the optical data markers included in the acquired image. The mobile device queries the data intake and query system for the values of metrics for the machines associated with the decoded optical data markers. Upon receiving the metric values from the data intake and query system, the mobile device generates AR overlays and superimposes the AR overlays onto the acquired image. The mobile device displays the image with superimposed AR overlays on a display device.
-
Publication No.: US12135627B1
Publication Date: 2024-11-05
Application No.: US17589283
Application Date: 2022-01-31
Applicant: SPLUNK INC.
Inventor: Dinesh Dutt Sharma, Chaitanya Sunil Phalak, Kyung Rock Baek, Vinu K. Alazath
IPC: G06F11/30
Abstract: Embodiments described herein are directed to facilitating management of collection agents. In one embodiment, a control request is received at an agent service manager from an agent controller that manages collection agents that collect data. The agent controller and the collection agents operate on a remote computing machine. A desired agent event is identified to be executed in association with a set of collection agents of the collection agents. An indication of the desired agent event is provided to the agent controller for execution of the desired agent event in association with each collection agent of the set of collection agents.
-
Publication No.: US20240354401A1
Publication Date: 2024-10-24
Application No.: US18761554
Application Date: 2024-07-02
Applicant: Splunk Inc.
Inventor: James Apger, Allison Lindsey Drake, James Irwin Ebeling, Orville Esoy, Bhooshan Kulkarni, Marquis L. Montgomery, Daniel Trenkner
IPC: G06F21/55, G06F3/0482, G06F21/57
CPC classification number: G06F21/552, G06F3/0482, G06F21/577, G06F2221/2101
Abstract: A graphical user interface (GUI) for presentation of network security risk and threat information is disclosed. A listing is generated of incidents identified by use of event data obtained from a networked computing environment. A particular incident is determined to be associated with a risk object, wherein a risk object is a component of the networked computing environment. The listing is populated with a name associated with the risk object. Risk events associated with the incident are determined, wherein each risk event contributes to a risk score for the incident. The risk score indicates a potential security issue associated with the risk object. The listing is populated with the risk score and a summary of the events. An action is associated with the listing, for triggering display of additional information associated with the risk object. The listing can be displayed in a first display screen of the GUI.
-
Publication No.: US12124669B1
Publication Date: 2024-10-22
Application No.: US17688029
Application Date: 2022-03-07
Applicant: Splunk Inc.
Inventor: Cary Noel, John Coates
IPC: G06F3/0484, G06F3/0481, G06F3/04842, G06F16/2458, G06F16/248
CPC classification number: G06F3/0481, G06F3/0484, G06F3/04842, G06F16/2477, G06F16/248
Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.