公开(公告)号：US11431792B2

公开(公告)日：2022-08-30

申请号：US15420420

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Manish Marwah ,  Renato Keshet ,  Barak Raz ,  Brent James Miller

IPC: H04L29/06 ,  H04L67/104 ,  H04L9/40 ,  H04L12/46

Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. Contextual information is determined for the alert, the determined contextual information comprising spatial and temporal distributions of previous instances of the alert or similar alerts. The contextual information is communicated for use in addressing the issue in the computing arrangement.

公开(公告)号：US20180205753A1

公开(公告)日：2018-07-19

申请号：US15409760

申请日：2017-01-19

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Barak Raz ,  Sasi Siddharth Muthurajan

IPC: H04L29/06

Abstract: A technique includes processing domain name system queries generated by a host to identify a subset of the queries for which domain names were not resolved. The technique includes using a time-based analysis to detect domain generation algorithm-based malware communications by the host, including detecting malicious communications by the host based at least in part on a number of the queries of the identified subset and a time span within which the queries of the subset were generated.

公开(公告)号：US20180219876A1

公开(公告)日：2018-08-02

申请号：US15420420

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Manish Marwah ,  Renato Keshet ,  Barak Raz ,  Brent James Miller

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L67/104 ,  H04L12/4641 ,  H04L63/1408

Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. Contextual information is determined for the alert, the determined contextual information comprising spatial and temporal distributions of previous instances of the alert or similar alerts. The contextual information is communicated for use in addressing the issue in the computing arrangement.

公开(公告)号：US11240256B2

公开(公告)日：2022-02-01

申请号：US15420417

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Tomasz Jaroslaw Bania ,  William G. Horne ,  Renato Keshet ,  Pratyusa K. Manadhata ,  Manish Marwah ,  Brent James Miller ,  Barak Raz ,  Tomas Sander

IPC: G06F21/00 ,  H04L29/06

Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.

公开(公告)号：US10681069B2

公开(公告)日：2020-06-09

申请号：US15409760

申请日：2017-01-19

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Barak Raz ,  Sasi Siddharth Muthurajan

IPC: H04L29/06 ,  G06F21/56 ,  G06F21/55

Abstract: A technique includes processing domain name system queries generated by a host to identify a subset of the queries for which domain names were not resolved. The technique includes using a time-based analysis to detect domain generation algorithm-based malware communications by the host, including detecting malicious communications by the host based at least in part on a number of the queries of the identified subset and a time span within which the queries of the subset were generated.

公开(公告)号：US20180219875A1

公开(公告)日：2018-08-02

申请号：US15420417

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Tomasz Jaroslaw Bania ,  William G. Horne ,  Renato Keshet ,  Pratyusa K. Manadhata ,  Manish Marwah ,  Brent James Miller ,  Barak Raz ,  Tomas Sander

IPC: H04L29/06

CPC classification number: H04L63/14 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/20

Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.