-
Publication number: US10778712B2
Publication date: 2020-09-15
Application number: US16264561
Application date: 2019-01-31
Applicant: Splunk Inc
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
IPC: H04L29/06, G06F3/0484, G06F16/25, G06F16/248, G06F16/2458, H04L12/26, G06F40/169, G06F21/62
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication number: US20190166145A1
Publication date: 2019-05-30
Application number: US16264554
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication number: US10237292B2
Publication date: 2019-03-19
Application number: US15143566
Application date: 2016-04-30
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication number: US09848008B2
Publication date: 2017-12-19
Application number: US15339952
Application date: 2016-11-01
Applicant: Splunk Inc
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu, Luke Murphey, Alexander Raitz, David Hazekamp
CPC classification number: H04L63/1425, G06F3/0484, G06F17/241, G06F17/30551, G06F17/30554, G06F17/30557, G06F21/629, G06F2221/2151, H04L43/06
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
-
Publication number: US09363149B1
Publication date: 2016-06-07
Application number: US14815983
Application date: 2015-08-01
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Cary Noel, Wenhui Yu
IPC: G06F17/30, H04L12/24, G06T11/20, G06F3/0482, G06F3/0484, H04L12/26
CPC classification number: H04L63/1425, G06F17/30864, G06F21/56, H04L41/22, H04L43/045, H04L63/1408, H04L63/1416
Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.