-
Publication number: US11240263B2
Publication date: 2022-02-01
Application number: US15420521
Application date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Pratyusa K. Manadhata, William G. Horne, Tomas Sander, Manish Marwah, Tomasz Jaroslaw Bania
IPC: H04L29/06
Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.
-
Publication number: US10289838B2
Publication date: 2019-05-14
Application number: US15116847
Application date: 2014-02-21
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Anurag Singla, Tomas Sander, Edward Ross
Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables are received from providing entities. The information about the threat observables include at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).
-
Publication number: US20180219911A1
Publication date: 2018-08-02
Application number: US15420521
Application date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Pratyusa K. Manadhata, William G. Horne, Tomas Sander, Manish Marwah, Tomasz Jaroslaw Bania
IPC: H04L29/06
CPC classification number: H04L63/1441, H04L63/1416, H04L63/20
Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.
-
Publication number: US20180219875A1
Publication date: 2018-08-02
Application number: US15420417
Application date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Tomasz Jaroslaw Bania, William G. Horne, Renato Keshet, Pratyusa K. Manadhata, Manish Marwah, Brent James Miller, Barak Raz, Tomas Sander
IPC: H04L29/06
CPC classification number: H04L63/14, H04L63/1416, H04L63/1425, H04L63/20
Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.
-
Publication number: US20180007071A1
Publication date: 2018-01-04
Application number: US15545099
Application date: 2015-01-30
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Tomas Sander, Brian Hein, Ted Ross
IPC: H04L29/06
CPC classification number: H04L63/1416, H04L63/101, H04L63/14, H04L63/1433, H04L63/1441, H04L63/20
Abstract: Examples relate to collaborative investigation of security indicators. The examples disclosed herein enable presenting, via a user interface, community-based threat information associated with a security indicator to a user. The community-based threat information may comprise investigation results that are obtained from a community of users for the security indicator, and an indicator score that is determined based on the investigation results. The examples further enable obtaining an investigation result from the user and updating the indicator score based on the investigation result.
-
Publication number: US20170365027A1
Publication date: 2017-12-21
Application number: US15184350
Application date: 2016-06-16
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Brian Frederick Hosea Che Hein, Amir Kibbar, Tomas Sander
CPC classification number: G06Q50/265, G06F16/29, G06F21/552, G06F2221/2111, G06Q50/01, H04L63/14, H04L63/20, H04L67/18, H04W4/02, H04W4/029, H04W12/00503
Abstract: Examples disclosed herein relate to considering geolocation information in a security information sharing platform. Some examples may enable determining geolocation information for a security indicator shared to the security information sharing platform. Some examples may enable determining an indicator score associated with the security indicator based on the determined geolocation information. Some examples may enable facilitating display, via a user interface, the first indicator score to the first community of users based on the indicator score.
-
Publication number: US20170353487A1
Publication date: 2017-12-07
Application number: US15169950
Application date: 2016-06-01
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Terence Spies, Tomas Sander, Susan K. LANGFORD
CPC classification number: H04L63/1441, H04L9/085, H04L9/14, H04L63/0428, H04L63/06, H04L63/20
Abstract: Examples disclosed herein relate to controlling data access on a security information sharing platform. Some examples may enable receiving, from a first member of a first community of the security information sharing platform that enables sharing of security information among a plurality of users, a request to share a first set of information. Some examples may enable determining, based on a set of parameters associated with the request to share the first set of information, an encryption mechanism to use to encrypt the first set of information. Some examples may enable encrypting the first set of information using the determined encryption mechanism. Some examples may enable sharing the encrypted first set of information.
-
Publication number: US20160378978A1
Publication date: 2016-12-29
Application number: US15116847
Application date: 2014-02-21
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Anurag Singla, Tomas Sander, Edward Ross
CPC classification number: G06F21/55, G06F21/554, G06F21/577, G06F2221/034, G06F2221/2101, H04L63/1433
Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables are received from providing entities. The information about the threat observables include at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).
-
Publication number: US11240256B2
Publication date: 2022-02-01
Application number: US15420417
Application date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Tomasz Jaroslaw Bania, William G. Horne, Renato Keshet, Pratyusa K. Manadhata, Manish Marwah, Brent James Miller, Barak Raz, Tomas Sander
Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.
-
Publication number: US11218497B2
Publication date: 2022-01-04
Application number: US15437230
Application date: 2017-02-20
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Tomasz Jaroslaw Bania, William G. Horne, Pratyusa K. Manadhata, Tomas Sander
IPC: H04L29/06
Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.