公开(公告)号：US20180152468A1

公开(公告)日：2018-05-31

申请号：US15568280

申请日：2015-05-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Igor Nor ,  Eyal Hayun ,  Omer Barkol

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/26 ,  H04L12/24

Abstract: Certain described examples are directed towards analyzing network data. The network data is processed to generate a graph data structure that has edges that are associated with communication times from the network data and nodes that are associated with computer devices. Representations of the graph data structure are generated over time. Given an indication of at least a computing device, for example as involved in anomalous activity or a security incident, the representations of the graph data structure may be used to determine further associated computer devices that are associated with the indicated device.

公开(公告)号：US20170199940A1

公开(公告)日：2017-07-13

申请号：US15325957

申请日：2014-10-30

Applicant: Inbal TADESKI ,  Hadas KOGAN ,  Eli HAYOON ,  Eyal HAYUN ,  Doron SHAKED ,  Gil ELGRABLY ,  Olga SHAIN ,  HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Inbal Tadeski ,  Hadas Kogan ,  Eli Hayoon ,  Eyal Hayun ,  Doron Shaked ,  Gil Elgrably ,  Olga Shain

IPC: G06F17/30 ,  G06F17/22 ,  G06F3/0482

CPC classification number: G06F16/9024 ,  G06F3/0482 ,  G06F16/24578 ,  G06F16/904 ,  G06F17/2235 ,  G06F17/2247 ,  G06F17/2264

Abstract: Data entries can include values for each of a number of features that each have a number of permissible or possible values. The features and the permissible values thereof are ranked based on a graph constructed from the features and the permissible values. The data entries can include textual data for free-text features that do not have permissible values or possible values, and new features created based on information extracted from the textual data, where nodes and edges are added to the graph from these new features. Graphical elements corresponding to the features and graphical representations based on frequencies of the permissible values of the features can be displayed.

公开(公告)号：US10791131B2

公开(公告)日：2020-09-29

申请号：US15568280

申请日：2015-05-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Eyal Hayun ,  Omer Barkol

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  H04L29/12

Abstract: Certain described examples are directed towards analyzing network data. The network data is processed to generate a graph data structure that has edges that are associated with communication times from the network data and nodes that are associated with computer devices. Representations of the graph data structure are generated over time. Given an indication of at least a computing device, for example as involved in anomalous activity or a security incident, the representations of the graph data structure may be used to determine further associated computer devices that are associated with the indicated device.

公开(公告)号：US10540360B2

公开(公告)日：2020-01-21

申请号：US15223271

申请日：2016-07-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Sagi Schein ,  Omer Barkol ,  Eyal Hayun

IPC: G06F17/30 ,  G06F16/2458 ,  H04L12/24 ,  G06F16/248 ,  G06F16/901

Abstract: A method, a computing system, and a non-transitory machine readable storage medium containing instructions for identifying relationships between entities are provided. In an example, the method includes receiving a query. The query specifies a first computing entity, a second computing entity, and a window of time. A data structure is queried based on the query to identify a set of relationship instances each corresponding to a relationship between the first computing entity and the second computing entity during the window of time. A representation of the first computing entity, the second computing entity, and the set of relationship instances is provided at a user interface.

公开(公告)号：US20180032588A1

公开(公告)日：2018-02-01

申请号：US15223271

申请日：2016-07-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Sagi Schein ,  Omer Barkol ,  Eyal Hayun

IPC: G06F17/30 ,  H04L12/24

Abstract: A method, a computing system, and a non-transitory machine readable storage medium containing instructions for identifying relationships between entities are provided. In an example, the method includes receiving a query. The query specifies a first computing entity, a second computing entity, and a window of time. A data structure is queried based on the query to identify a set of relationship instances each corresponding to a relationship between the first computing entity and the second computing entity during the window of time. A representation of the first computing entity, the second computing entity, and the set of relationship instances is provided at a user interface.