专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20200169579A1 DETECTION OF POTENTIAL SECURITY THREATS IN MACHINE DATA BASED ON PATTERN DETECTION 审中-公开
公开(公告)号：US20200169579A1
公开(公告)日：2020-05-28
申请号：US16777544
申请日：2020-01-30
申请人： SPLUNK INC.
发明人： Munawar Monzy Merza , John Coates , James M. Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06 , G06F21/55
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

2. 发明授权

US10382472B2 Graphical display of events indicating security threats in an information technology system 有权
公开(公告)号：US10382472B2
公开(公告)日：2019-08-13
申请号：US15996866
申请日：2018-06-04
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F16/28 , G06F21/55
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

3. 发明申请

US20170048265A1 Detection of Potential Security Threats Based on Categorical Patterns 审中-公开
标题翻译：基于分类模式检测潜在的安全威胁
公开(公告)号：US20170048265A1
公开(公告)日：2017-02-16
申请号：US15339955
申请日：2016-11-01
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M. Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

4. 发明申请

US20160182546A1 Identifying Possible Security Threats Using Event Group Summaries 有权
标题翻译：使用事件组摘要识别可能的安全威胁
公开(公告)号：US20160182546A1
公开(公告)日：2016-06-23
申请号：US15056999
申请日：2016-02-29
申请人： Splunk Inc.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
摘要翻译：所公开的计算机实现的方法包括接收和索引原始数据。索引包括将原始数据划分为包含与计算机或网络安全相关的信息的时间戳搜索事件。将索引数据存储在索引数据存储中，并使用模式从索引数据中的字段中提取值。搜索提取的字段值以获取安全信息。使用安全信息确定一组安全事件。每个安全事件都包括由条件指定的字段值。提供包括安全事件组的摘要，安全事件的其他摘要和删除元素（与摘要相关联）的图形界面（GI）。接收与删除元素的交互相对应的输入。与删除元素进行交互会导致摘要从GI中移除。更新GI以从GI中删除摘要。

5. 发明授权

US09276946B2 Blacklisting and whitelisting of security-related events 有权
标题翻译：将安全相关事件列入黑名单并列出白名单
公开(公告)号：US09276946B2
公开(公告)日：2016-03-01
申请号：US14280311
申请日：2014-05-16
申请人： Splunk Inc.
发明人： John Coates , Lucas Murphey , David Hazekamp , James Hansen
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
摘要翻译：所公开的计算机实现的方法包括接收和索引原始数据。索引包括将原始数据划分为包含与计算机或网络安全相关的信息的时间戳搜索事件。将索引数据存储在索引数据存储中，并使用模式从索引数据中的字段中提取值。搜索提取的字段值以获取安全信息。使用安全信息确定一组安全事件。每个安全事件都包括由条件指定的字段值。提供包括安全事件组的摘要，安全事件的其他摘要和删除元素（与摘要相关联）的图形界面（GI）。接收与删除元素的交互相对应的输入。与删除元素进行交互会导致摘要从GI中移除。更新GI以从GI中删除摘要。

6. 发明授权

US08806361B1 Multi-lane time-synched visualizations of machine data events 有权
标题翻译：机器数据事件的多通道时间同步可视化
公开(公告)号：US08806361B1
公开(公告)日：2014-08-12
申请号：US14046767
申请日：2013-10-04
申请人： Splunk Inc.
发明人： Cary Noel , John Coates
IPC分类号： G06F3/048 , G06F3/0482
CPC分类号： G06F3/0481 , G06F3/0484 , G06F3/04842 , G06F17/30551 , G06F17/30554
摘要： A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.
摘要翻译：可视化可以包括一组泳道，每个泳道表示关于事件类型的信息。可以指定事件类型，例如作为具有某些关键字的事件和/或具有指定字段的指定值的事件。泳道可以绘制发生相关事件类型的事件（在一段时间内）。特别地，每个这样的事件可以被分配给具有与事件时间匹配的桶时间的桶。泳道可以沿着可视化中的时间线轴线延伸，并且桶可以被定位在沿轴线的表示铲斗时间的点上。因此，可视化可以指示事件是否在某个时间点聚集。因为可视化可以包括多个泳道，所以可视化可以进一步指示第一类型的事件的定时如何与第二类型的事件的定时比较。

7. 发明授权

US11269476B2 Concurrent display of search results from differing time-based search queries executed across event data 有权
公开(公告)号：US11269476B2
公开(公告)日：2022-03-08
申请号：US15721551
申请日：2017-09-29
申请人： Splunk Inc.
发明人： Cary Noel , John Coates
IPC分类号： G06F3/0481 , G06F3/0484 , G06F16/248 , G06F16/2458 , G06F3/04842
摘要： A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

8. 发明申请

US20200153714A1 SYSTEMS AND METHODS FOR DISPLAYING ADJUSTABLE METRICS ON REAL-TIME DATA IN A COMPUTING ENVIRONMENT 审中-公开
公开(公告)号：US20200153714A1
公开(公告)日：2020-05-14
申请号：US16741450
申请日：2020-01-13
申请人： SPLUNK INC.
发明人： John Coates , Lucas Murphey , James Hansen , David Hazekamp
IPC分类号： H04L12/26 , H04L12/24
摘要： A system and computer-implemented is provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real time machine data from one or more sources. The configurable metric is selected and a corresponding value is calculated based on the events of interest over the configurable time period. The value of the metric may be continuously updated in real time based on receiving additional real-time machine data and displayed in a graphical interface as time progresses. Statistical trends in the value of the metric may also be determined over the configurable time period and displayed in the graphical interface as well as an indication if the value of the metric exceeds a configurable threshold value. Further, a selection of one or more thresholds for the value of the metric may be applied and an indication displayed indicating if the threshold(s) have been exceeded.

9. 发明授权

US09811234B2 Parallel display of multiple graphical indicators representing differing search criteria evaluated across a plurality of events 有权
公开(公告)号：US09811234B2
公开(公告)日：2017-11-07
申请号：US14691045
申请日：2015-04-20
申请人： Splunk Inc.
发明人： Cary Noel , John Coates
IPC分类号： G06F3/048 , G06F3/0481 , G06F17/30 , G06F3/0484
CPC分类号： G06F3/0481 , G06F3/0484 , G06F3/04842 , G06F17/30551 , G06F17/30554
摘要： A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

10. 发明申请

US20160057162A1 DETECTION OF POTENTIAL SECURITY THREATS FROM EVENT DATA 有权
标题翻译：从事件数据中检测潜在安全威胁
公开(公告)号：US20160057162A1
公开(公告)日：2016-02-25
申请号：US14929321
申请日：2015-10-31
申请人： Splunk Inc.
发明人： Munawar Monzy Merza , John Coates , James M Hansen , Lucas Murphey , David Hazekamp , Michael Kinsley , Alexander Raitz
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F17/30551 , G06F21/552 , G06F2221/2151 , H04L63/1408 , H04L63/1416
摘要： A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
摘要翻译：为表征计算通信或对象的一组事件中的每个事件确定度量值。例如，度量值可以包括事件中的URL或代理字符串的长度。生成子集标准，使得子集内的度量值与群体的中心（例如，分布尾部）相对分开。将标准应用于度量值产生一个子集。该子集的表示呈现在交互式仪表板中。该表示可以包括子集中的唯一值和相应事件发生的计数。客户端可以选择表示中的特定元素，以便相对于子集中的特定值对应的各个事件来呈现更多的细节。因此，客户可以使用他们的知识系统操作和遵守价值频率和基础事件来识别异常度量值和潜在的安全威胁。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式