公开(公告)号：US20180337943A1

公开(公告)日：2018-11-22

申请号：US15777185

申请日：2015-11-17

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Simon Ian ARNELL ,  Marco CASASSA MONT ,  Yolanta BERESNA ,  Theofrastos KOULOURIS ,  Jon POTTER

IPC: H04L29/06 ,  H04L12/24

Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.

公开(公告)号：US20210256118A1

公开(公告)日：2021-08-19

申请号：US17232264

申请日：2021-04-16

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey NDU ,  Theofrastos KOULOURIS ,  Nigel EDWARDS

IPC: G06F21/55

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.