US 11,949,702 B1
Analysis and mitigation of network security risks
Sumit Singh Bagga, Castro Valley, CA (US); Francis E. Gerard, Oakland, CA (US); Robin Jinyang Hu, Fremont, CA (US); Marios Iliofotou, San Jose, CA (US); J. Evan Jordan, San Francisco, CA (US); Amarendra Pendala, San Francisco, CA (US); and Sourabh Satish, Fremont, CA (US)
Assigned to SPLUNK INC., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Nov. 2, 2022, as Appl. No. 18/052,030.
Application 18/052,030 is a continuation of application No. 17/086,146, filed on Oct. 30, 2020, granted, now 11,552,974.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 12/00 (2006.01); H04L 9/40 (2022.01); H04L 65/61 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 65/61 (2022.05)]
20 Claims
1. A computer-implemented method of providing network security, the method comprising:
accessing risk score data including a plurality of risk scores, each risk score of the plurality of risk scores corresponding to a different one of a plurality of detected anomalies related to an entity on or associated with a computer network;
generating a plurality of entity scores for the entity by determining, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, wherein for each of the sliding time windows a corresponding entity score of the entity is based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, each of the entity scores corresponding to a risk level associated with the entity for a corresponding one of the plurality of time windows;
determining a protective action to perform in relation to the entity based on the entity score of the entity for at least one of the plurality of time windows; and
causing execution of the protective action.
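
The scoring step of claim 1, sketched as an added example that is not taken from the patent or from any Splunk product. The window lengths, the use of summation as the aggregation, the thresholds and the action names are all assumptions; the anomaly records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Anomaly:
    entity: str
    detected_at: datetime
    risk_score: float

# Assumptions (not from the claim): window lengths, summation as the
# aggregation, per-window thresholds and the action names.
WINDOWS = {"1h": timedelta(hours=1), "24h": timedelta(hours=24), "7d": timedelta(days=7)}
THRESHOLDS = {"1h": 50, "24h": 120, "7d": 300}
ACTIONS = {"1h": "isolate_host", "24h": "require_reauthentication", "7d": "open_investigation"}

def entity_scores(anomalies, entity, now):
    """One score per window: sum of risk scores detected in (now - length, now]."""
    return {
        name: sum(a.risk_score for a in anomalies
                  if a.entity == entity and now - length < a.detected_at <= now)
        for name, length in WINDOWS.items()
    }

def protective_action(scores):
    """Shortest breached window wins, since it signals the most acute risk."""
    for name in WINDOWS:  # insertion order: shortest to longest
        if scores[name] >= THRESHOLDS[name]:
            return ACTIONS[name]
    return "none"

# Constructed sample data: host-a bursts, user-b stays low and slow.
NOW = datetime(2024, 1, 8, 12, 0)
SAMPLE = (
    [Anomaly("host-a", NOW - timedelta(minutes=m), s) for m, s in [(5, 20), (20, 25), (40, 30)]]
    + [Anomaly("user-b", NOW - timedelta(hours=6 + 24 * d), 45) for d in range(7)]
    + [Anomaly("user-b", NOW - timedelta(days=8), 90)]  # outside every window
)

if __name__ == "__main__":
    for entity in ("host-a", "user-b"):
        scores = entity_scores(SAMPLE, entity, NOW)
        print(entity, scores, protective_action(scores))
```

The low-and-slow entity never breaches the one-hour or 24-hour threshold and is only caught by the seven-day window, which is the practical reason for scoring the same entity over windows of different lengths.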