-
Publication number: US11606379B1
Publication date: 2023-03-14
Application number: US17236890
Application date: 2021-04-21
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
-
Publication number: US11019088B2
Publication date: 2021-05-25
Application number: US16886542
Application date: 2020-05-28
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
-
Publication number: US11876821B1
Publication date: 2024-01-16
Application number: US18167040
Application date: 2023-02-09
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
CPC classification number: H04L63/1425, G06N20/00, H04L63/1416, H04L63/1433, H04L63/20, H04L2463/121
Abstract: First event data, indicative of a first activity on a computer network, and second event data, indicative of a second activity on the computer network, are received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. A third anomaly is detected using an anomaly detection rule. The threat indicator system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.
-
Publication number: US20200296124A1
Publication date: 2020-09-17
Application number: US16886542
Application date: 2020-05-28
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
-
Publication number: US10673880B1
Publication date: 2020-06-02
Application number: US15276647
Application date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
-