公开(公告)号：US20170154107A1

公开(公告)日：2017-06-01

申请号：US15325807

申请日：2014-12-11

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Morad Awad ,  Gil Elgrably ,  Mani Fischer ,  Renato Keshet ,  Mike Krohn ,  Alina Maor ,  Ron Maurer ,  Igor Nor ,  Olga Shain ,  Doron Shaked

IPC: G06F17/30

CPC classification number: G06F16/345 ,  G06F16/35 ,  G06F16/36

Abstract: Determining term scores based on a modified inverse domain frequency is disclosed. One example is a system including a data processing engine, an evaluator, and a data analytics module. The data processing engine identifies a key term associated with a system, and a sub-plurality of a plurality of documents, the sub-plurality of documents associated with the event. The evaluator determines, based on the presence or absence of the key term, a first distribution related to the sub-plurality of documents, and a second distribution related to the plurality of documents, and evaluates, for the key term, a term score based on the first distribution and the second distribution, the term score indicative of a modified inverse domain frequency based on the sub-plurality of documents. The data analytics module includes the key term in a word cloud when the term score for the key term satisfies a threshold.

公开(公告)号：US10530640B2

公开(公告)日：2020-01-07

申请号：US15280940

申请日：2016-09-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Gal Alon ,  Doron Shaked ,  Igor Giller ,  Marina Lyan ,  Ron Maurer ,  Noam Fraenkel ,  Igor Nor ,  Yair Horovitz

IPC: H04L12/24 ,  G06F3/041

Abstract: In some examples, a first pair of parameters in respective first and second log message streams associated with respective first and second source components and a second pair of parameters in the respective first and second log message streams may be identified. The first pair may be identical and the second pair may be identical. It may be determined that first pair of parameters was simultaneously generated and that the second pair of parameters was simultaneously generated in the first and in the second log message streams. A linkage score may be determined between the first and the second source components. The linkage score may be based on the determination that each of the respective first and the second pairs of parameters was simultaneously generated. It may be determined that that the first and second source components are topologically linked based on the linkage score.

公开(公告)号：US20170192872A1

公开(公告)日：2017-07-06

申请号：US15325847

申请日：2014-12-11

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Morad Awad ,  Gil Elgrably ,  Mani Fischer ,  Renato Keshet ,  Mike Krohn ,  Alina Maor ,  Ron Maurer ,  Igor Nor ,  Olga Shain ,  Doron Shaked

IPC: G06F11/34 ,  G06F17/18

CPC classification number: G06F11/3476 ,  G06F3/04842 ,  G06F11/3072 ,  G06F11/3452 ,  G06F16/24568 ,  G06F17/18 ,  G06F17/40 ,  G06F2201/86 ,  G06K9/00543 ,  G06K9/6284

Abstract: Interactive detection of system anomalies is disclosed. One example is a system including a data processor, an anomaly processor, and an interaction processor. Input data related to a series of events and telemetry measurements is received by the data processor. The anomaly processor detects presence of a system anomaly in the input data, the system anomaly indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements. The interaction processor is communicatively linked to the anomaly processor and to an interactive graphical user interface. The interaction processor displays, via the interactive graphical user interface, an output data stream based on the presence of the system anomaly, receives, from the interactive graphical user interface, feedback data associated with the output data stream, and provides the feedback data to the anomaly processor for operations analytics based on the feedback data.

公开(公告)号：US20170149810A1

公开(公告)日：2017-05-25

申请号：US14951807

申请日：2015-11-25

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Renato Keshet ,  Justin Scaggs ,  Yaniv Sabo ,  Ron Maurer ,  Hila Nachlieli ,  Alina Maor ,  Olga Shain ,  Alexander Maydanik

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0281 ,  H04L63/145

Abstract: An interactive system to detect malware is provided to interactively analyze web proxy log data. The log data is progressively processed to compute analytics for different context settings. The system has a context module, an interaction module and a plurality of analytics modules. When a change of the context setting (filter, weights etc.) is requested, the processing and calculation of analytics for the current context setting is paused and subsequently restarted for the now changed context setting. An analytics interface provided via a graphical user interface is updated upon the change of context settings.