公开(公告)号：US11477263B2

公开(公告)日：2022-10-18

申请号：US16920911

申请日：2020-07-06

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L67/02 ,  H04L67/00 ,  G06F8/60 ,  G06F8/61 ,  H04L67/75

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US20210011932A1

公开(公告)日：2021-01-14

申请号：US17038472

申请日：2020-09-30

Applicant: SPLUNK Inc.

Inventor： Vijay Chauhan ,  Banipal Shahbaz ,  David Hazekamp

IPC: G06F16/28 ,  G06F16/22 ,  G06F16/2458

Abstract: In various implementations, a computer-implemented method for remotely managing settings of applications includes receiving a network communication from a managed device, the received network communication including a client-side hash value. The method further includes identifying settings for an application on the managed device in response to the receiving of the network communication, where the identified settings include configuration instructions for the application. Based on a comparison between the received client-side hash value and a server-side hash value that corresponds to the identified settings, at least some of the identified settings are transmitted to the managed device. The transmitting of the at least some of the identified settings can be based on the comparison indicating a mismatch between the received client-side hash value and the server-side hash value. The method may also include completing processing of the received network communication after the transmitting of the at least some of the identified settings.

公开(公告)号：US20200336532A1

公开(公告)日：2020-10-22

申请号：US16920911

申请日：2020-07-06

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L29/08 ,  G06F8/60 ,  G06F8/61

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US10812514B2

公开(公告)日：2020-10-20

申请号：US16228509

申请日：2018-12-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

公开(公告)号：US20190260819A1

公开(公告)日：2019-08-22

申请号：US16397434

申请日：2019-04-29

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L29/08

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US10320877B2

公开(公告)日：2019-06-11

申请号：US14690741

申请日：2015-04-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L29/08

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US20190138718A1

公开(公告)日：2019-05-09

申请号：US16237611

申请日：2018-12-31

Applicant: Splunk Inc.

Inventor： Ravi Iyer ,  Devendra Badhani ,  Vijay Chauhan

IPC: G06F21/55 ,  G06Q10/00

Abstract: Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

公开(公告)号：US20170048264A1

公开(公告)日：2017-02-16

申请号：US15339952

申请日：2016-11-01

Applicant: Splunk Inc,

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/30 ,  G06F21/62 ,  G06F17/24 ,  G06F3/0484

CPC classification number: H04L63/1425 ,  G06F3/0484 ,  G06F17/241 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30557 ,  G06F21/629 ,  G06F2221/2151 ,  H04L43/06

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US20190166146A1

公开(公告)日：2019-05-30

申请号：US16264561

申请日：2019-01-31

Applicant: Splunk Inc,

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/24 ,  G06F21/62 ,  G06F16/2458 ,  G06F16/25 ,  H04L12/26 ,  G06F3/0484 ,  G06F16/248

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US09843598B2

公开(公告)日：2017-12-12

申请号：US15421269

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0218 ,  H04L63/0236

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.