-
61.
Publication number: US20240031397A1
Publication date: 2024-01-25
Application number: US18231715
Filing date: 2023-08-08
Applicant: Splunk Inc.
Inventor: Sourabh Satish , Oliver Friedrichs , Atif Mahadik , Govind Salinas
CPC classification number: H04L63/1441 , H04L63/20 , H04L63/1416 , G06F21/554 , G06F16/285 , H04L63/1433 , H04L63/0236 , H04L63/1425 , H04L47/2425
Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
-
Publication number: US11882099B1
Publication date: 2024-01-23
Application number: US17162941
Filing date: 2021-01-29
Applicant: SPLUNK INC.
Inventor: Jesse Chor , Michael Emery
IPC: H04L9/40 , H04L12/46 , H04L9/30 , G06F16/27 , G06F16/951
CPC classification number: H04L63/029 , G06F16/27 , G06F16/951 , H04L9/30 , H04L12/4633 , H04L63/0442 , H04L63/08
Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, by a trusted tunnel bridge and from a first application executing in a first network, a first encrypted data packet, where the first encrypted data packet includes an encrypted portion of data, and a destination device identifier (DDI). The method further includes determining, by the trusted tunnel bridge, a particular device in a second network and associated with the DDI included in the first encrypted data packet. The method further includes sending, by the trusted tunnel bridge directly to the particular device, the first encrypted data packet.
-
Publication number: US11870673B2
Publication date: 2024-01-09
Application number: US17451518
Filing date: 2021-10-20
Applicant: SPLUNK INC.
Inventor: Konstantinos Polychronis
IPC: H04L43/12 , H04L43/08 , H04L69/22 , H04L43/00 , H04L43/028
CPC classification number: H04L43/12 , H04L43/08 , H04L69/22 , H04L43/028 , H04L43/14
Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, one or more default classes associated with an application on a device are replaced with one or more custom monitoring classes designed to facilitate monitoring data packets being communicated to or from the application. The custom monitoring classes can then be utilized to facilitate monitoring a plurality of data packets communicated to or from the application.
-
Publication number: US11868411B1
Publication date: 2024-01-09
Application number: US17468428
Filing date: 2021-09-07
Applicant: SPLUNK INC.
Inventor: Ramesh Panuganty
IPC: G06F16/951
CPC classification number: G06F16/951
Abstract: Improved crawling and curation of data and metadata from diverse data sources is described. In some embodiments, improvements are achieved by interpreting the context, vocabulary and relationships of data element, to enable relational data search capability for users. The user querying process is improved by systematic identification of the data objects, context, and relationships across data objects and elements, aggregation methods and operators on the data objects and data elements as identified in the curation process. User query suggestions and recommendations can be adjusted based on the context, relationships between the data elements, user profile, and the data sources. When the user query is executed, the query text is translated into an equivalent of one or more query statements, such as SQL or PostGre statements, and the query is performed on the identified data sources. Results are assembled to present the answer in a meaningful visualization for the user query.
-
65.
Publication number: US11863408B1
Publication date: 2024-01-02
Application number: US17578206
Filing date: 2022-01-18
Applicant: Splunk Inc.
Inventor: Michael Dickey
IPC: H04L43/04 , H04L41/0853 , H04L41/046 , H04L41/0816 , H04L43/106
CPC classification number: H04L43/04 , H04L41/046 , H04L41/0816 , H04L41/0856 , H04L43/106
Abstract: The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
-
Publication number: US11860940B1
Publication date: 2024-01-02
Application number: US17233193
Filing date: 2021-04-16
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis , Ashish Mathew , Christopher Madden Pride , Bharath Kishore Reddy Aleti , Sourav Pal , Arindam Bhattacharjee , James Monschke
IPC: G06F16/901 , G06F16/903 , G06F16/2458
CPC classification number: G06F16/901 , G06F16/2477 , G06F16/90335
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.
-
Publication number: US11838372B2
Publication date: 2023-12-05
Application number: US18093980
Filing date: 2023-01-06
Applicant: SPLUNK Inc.
Inventor: Gergely Danyi , Joseph Ari Ross
IPC: G06F15/173 , H04L67/146 , G06F16/906 , G06F16/955
CPC classification number: H04L67/146 , G06F16/906 , G06F16/9566
Abstract: A method of normalizing URLs associated with a real user session comprises extracting uniform resource locators (URLs) from ingested spans where at least a portion of the URLs comprise unique URL strings. The method also comprises decomposing each of the URLs into a sequence of tokens and grouping together subsets of related URLs. Also, the method comprises representing each subset of related URLs with a normalized URL string.
-
Publication number: US11838351B1
Publication date: 2023-12-05
Application number: US17991704
Filing date: 2022-11-21
Applicant: SPLUNK INC.
Inventor: Marios Iliofotou , Ravi Bulusu , Ashwin Athalye , Sathya Kavacheri , Shekar Kesarimanglam
IPC: H04L67/02 , H04L67/306 , H04L67/50 , H04L67/1001
CPC classification number: H04L67/02 , H04L67/1001 , H04L67/306 , H04L67/535
Abstract: A deployment manager executing in a distributed computing environment generates a user behavior analytics (UBA) deployment to process structured event data. The deployment manager configures a streaming cluster to perform streaming processing on real-time data and configures a batch cluster to perform batch processing on aggregated data. A configuration manager executing in the distributed computing environment interoperates with the deployment manager to update the UBA deployment with user-provided code and configurations that define streaming and batch models, among other things. In this manner, the deployment manager provides a scalable UBA deployment that can be customized, via the configuration manager, by a user.
-
Publication number: US11838189B1
Publication date: 2023-12-05
Application number: US17976453
Filing date: 2022-10-28
Applicant: SPLUNK Inc.
Inventor: Jeremy Hicks , Todd Leonard DeCapua , Adam James Schalock , Neil Douglas Erkkila , Samuel Halpern , Chad Tripod , Joel Schoenberg , David Connett
IPC: G06F15/173 , H04L41/5009 , H04L43/045 , H04L41/5025
CPC classification number: H04L41/5016 , H04L41/5025 , H04L43/045
Abstract: A time series is created that measures a remaining budget amount for a given time period, where the budget amount indicates a maximum number of occurrences of an event allowed for the given time period. More specifically, the given time period is divided into multiple time intervals. For each time interval, a number of occurrences of the event are calculated and detracted from the remaining budget amount to determine a remaining budget amount at the end of the time interval. These time values and associated remaining budget amounts are used to create the time series. This time series may be monitored in real-time, and actions may be taken to avoid future occurrences of the event in response to determining that the remaining budget amount falls below a threshold.
-
70.
Publication number: US20230388338A1
Publication date: 2023-11-30
Application number: US18228982
Filing date: 2023-08-01
Applicant: Splunk Inc.
Inventor: Sourabh SATISH , Oliver FRIEDRICHS , Atif MAHADIK , Govind SALINAS
CPC classification number: H04L63/1441 , H04L63/20 , H04L63/1416 , G06F21/554 , G06F16/285 , H04L63/1433 , H04L63/0236 , H04L63/1425 , H04L47/2425
Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.