Conexus LLC v. Splunk Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Conexus LLC (NM)
  • Defendant: Splunk Inc (DE)
  • Plaintiff’s Counsel: Garibian Law Offices, P.C.; Rabicoff Law LLC
• Case Identification: 1:25-cv-00892, D. Del., 07/17/2025
• Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because Defendant has an established place of business in the District, has committed acts of patent infringement there, and Plaintiff has suffered harm there.
• Core Dispute: Plaintiff alleges that Defendant’s software products infringe a patent related to systems and methods for detecting network security threats by tracing application execution and network connection lineage.
• Technical Context: The technology addresses the detection of malicious activity within an enterprise computer network by establishing a baseline of normal behavior and generating alerts when deviations occur.
• Key Procedural History: The complaint does not mention any prior litigation, inter partes review (IPR) proceedings, or licensing history related to the patent-in-suit.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,812,497 - "Systems and methods for detecting and responding to security threats using application execution and connection lineage tracing"

• Patent Identification: U.S. Patent No. 10,812,497, "Systems and methods for detecting and responding to security threats using application execution and connection lineage tracing," issued October 20, 2020. (Compl. ¶9; ’497 Patent).

The Invention Explained

• Problem Addressed: The patent addresses the problem of security threats that have already breached an enterprise's perimeter and are moving laterally within the network. Such threats often attempt to "propagate, gain elevated privileges, and execute" across multiple systems to find and exfiltrate sensitive data while trying to avoid detection. (’497 Patent, col. 4:9-25).
• The Patented Solution: The invention proposes a system of "Application Execution and Connection Lineage Tracing (AE-CLT)" that monitors network activity without necessarily performing deep packet inspection. (’497 Patent, col. 4:38-40). The system uses sensors to collect "activity data" (e.g., connection and application execution information) and combines it with context (e.g., user identity) to create activity records. These records are compared against a set of "baseline signatures" representing normal, learned behavior. An alert is generated when a new activity record deviates from all known baseline signatures, indicating a potential anomaly. (’497 Patent, Abstract; Fig. 5b).
• Technical Importance: This approach is designed to scale for large enterprise networks with potentially hundreds of thousands of users and machines, as it avoids the computational overhead of deep packet inspection for its initial filtering stage. (’497 Patent, col. 4:60-65).

Key Claims at a Glance

• The complaint alleges infringement of "one or more claims" and refers to "Exemplary '497 Patent Claims" identified in an attached Exhibit 2. (Compl. ¶11, ¶16).
• As Exhibit 2 was not provided with the complaint, the specific independent and dependent claims asserted are not identified in the available documents.

III. The Accused Instrumentality

Product Identification

• The complaint identifies the accused products as the "Exemplary Defendant Products" but states they are identified in charts within an un-provided Exhibit 2. (Compl. ¶11, ¶16). No specific products are named in the body of the complaint.

Functionality and Market Context

• The complaint alleges that the accused products "practice the technology claimed by the '497 Patent." (Compl. ¶16). It does not provide further technical detail on the functionality or market context of the accused products.

IV. Analysis of Infringement Allegations

The complaint does not contain claim charts or detailed infringement allegations in its body, instead incorporating by reference an un-provided "Exhibit 2" that allegedly contains this information. (Compl. ¶16-17). The core infringement theory presented is that the "Exemplary Defendant Products" satisfy all elements of the "Exemplary '497 Patent Claims." (Compl. ¶16). Without the exhibit, a detailed claim-by-claim analysis is not possible.

No probative visual evidence provided in complaint.

V. Key Claim Terms for Construction

The complaint does not identify specific asserted claims, instead referring to an un-provided exhibit. (Compl. ¶11, ¶16). Therefore, an analysis of key claim terms for construction is not possible based on the provided documents.

VI. Other Allegations

Indirect Infringement

• The complaint alleges induced infringement, stating that Defendant sells the accused products to customers and distributes "product literature and website materials" that allegedly instruct and encourage end users to operate the products in an infringing manner. (Compl. ¶14). These allegations also rely on the un-provided Exhibit 2. (Compl. ¶14). The pleading further asserts inducement occurring "at least since being served by this Complaint." (Compl. ¶15).

Willful Infringement

• The complaint alleges that service of the complaint and its attached (but un-provided) claim charts constitutes "Actual Knowledge of Infringement." (Compl. ¶13). It further alleges that despite this knowledge, Defendant continues its infringing activities. (Compl. ¶14). The prayer for relief requests a finding that the case is "exceptional" and an award of attorneys' fees, which can be associated with findings of willful infringement. (Compl. p. 5, ¶i).

VII. Analyst’s Conclusion: Key Questions for the Case

• Pleading Sufficiency: A threshold issue for the court may be whether the complaint, which relies entirely on an un-provided external exhibit to identify the accused products and articulate its infringement theory, pleads sufficient factual matter on its face to state a plausible claim for relief.
• Claim Scope and Infringement: Assuming the case proceeds, a central technical dispute will be whether the functionality of the accused Splunk products aligns with the patent's claims. This will likely focus on how concepts such as generating "baseline signatures" from "activity data" and detecting deviations through "connection lineage tracing" are construed and whether those specific steps are performed by the accused systems.
• Knowledge and Intent: The basis for indirect and willful infringement appears to be grounded in notice provided by the complaint itself. A key question will be whether Plaintiff can establish the requisite knowledge and specific intent for inducement, particularly for any activity occurring before the complaint was filed.