&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11811587.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,811,587 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Generating incident response action flows using anonymized action implementation data</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Oliver Friedrichs,  Woodside, CA (US);  Atif Mahadik,  Fremont, CA (US);  Govind Salinas,  Sunnyvale, CA (US); and  Sourabh Satish,  Fremont, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Splunk Inc.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Splunk Inc.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jan.  23, 2023, as Appl. No. 18/158,400.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/158,400 is a continuation of application No. 17/407,738, filed on Aug.  20, 2021, granted, now 11,588,678.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/407,738 is a continuation of application No. 16/926,907, filed on Jul.  13, 2020, granted, now 11,133,977, issued on Sep.  28, 2021.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/926,907 is a continuation of application No. 16/051,183, filed on Jul.  31, 2018, granted, now 10,742,484, issued on Aug.  11, 2020.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 41/0631</b></i> (2022.01); <i><b>H04L 41/0654</b></i> (2022.01); <i><b>H04L 41/14</b></i> (2022.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 41/22</b></i> (2022.01); <i><b>H04L 41/5074</b></i> (2022.01); <i><b>G06F 21/55</b></i> (2013.01); <i><b>H04L 41/08</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 41/0631</b></i> (2013.01)&#xa0;[<i><b>G06F 21/554</b></i> (2013.01); <i><b>H04L 41/0654</b></i> (2013.01); <i><b>H04L 41/0883</b></i> (2013.01); <i><b>H04L 41/14</b></i> (2013.01); <i><b>H04L 41/22</b></i> (2013.01); <i><b>H04L 41/5074</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1441</b></i> (2013.01); <i>H04L 63/20</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11811587-20231107-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method, the method comprising:<div class="claim_text">obtaining, by an incident service, data identifying an incident occurring in an information technology (IT) environment, wherein the incident service is coupled to a plurality of IT environments including the IT environment;</div>
                <div class="claim_text">obtaining, from a data store, anonymized action implementation data relevant to the incident, wherein the anonymized action implementation data describes past executions of actions by analyst systems running in one or more of the plurality of IT environments responsive to incidents identified in the plurality of IT environments;</div>
                <div class="claim_text">identifying, based on the anonymized action implementation data, a plurality of action suggestions for responding to the incident; and</div>
                <div class="claim_text">causing display of a flow diagram including the plurality of action suggestions, wherein the flow diagram indicates an order in which the plurality of action suggestions are to be executed.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>