-
Publication (Announcement) No.: US20150135263A1
Publication (Announcement) Date: 2015-05-14
Application No.: US14398003
Filing Date: 2012-05-30
Applicants: Anurag Singla, Zhipeng Zhao
Inventors: Anurag Singla, Zhipeng Zhao
CPC Classification: H04L63/20, G06F17/30595, G06F21/552, H04L63/1416, H04L63/1425
Abstract: Fields are determined for pattern discovery in event data. Cardinality and repetitiveness statistics are determined for fields of event data. A set of the fields is selected based on the cardinality and repetitiveness of the fields. The fields may be included in a pattern discovery profile.
-
Publication (Announcement) No.: US09824107B2
Publication (Announcement) Date: 2017-11-21
Application No.: US11923502
Filing Date: 2007-10-24
Applicants: Anurag Singla, Kumar Saurabh, Kenny C. Tidwell
Inventors: Anurag Singla, Kumar Saurabh, Kenny C. Tidwell
CPC Classification: G06F17/30333, G06F17/30492, G06F17/30551, H04L29/12783, H04L61/35, H04L63/1408, H04L63/20, H04L67/142
Abstract: A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.
-
Publication (Announcement) No.: US09571508B2
Publication (Announcement) Date: 2017-02-14
Application No.: US14131805
Filing Date: 2011-07-29
Applicant: Anurag Singla
Inventor: Anurag Singla
CPC Classification: H04L63/1416, G06F21/56, G06Q10/10
Abstract: Systems and methods for distributed rule-based correlation of events are provided. A notification of a partial match of a distributed rule by an event of a first subset of events is received. The notification includes a set of properties of the event of the first subset of events. The distributed rule is evaluated using the set of properties of the event of the first subset of events and a set of properties of an event of a second subset of events. A complete match of the rule is determined based on the evaluation, and a correlation event is generated.
-
Publication (Announcement) No.: US09438616B2
Publication (Announcement) Date: 2016-09-06
Application No.: US14116128
Filing Date: 2011-10-31
Applicants: Anurag Singla, Robert Block, Dhiraj Sharan, Dilraba Ibrahim
Inventors: Anurag Singla, Robert Block, Dhiraj Sharan, Dilraba Ibrahim
CPC Classification: H04L63/1433, H04L41/0893, H04L41/0896, H04L43/065, H04L43/16, H04L43/50, H04L63/0263, H04L63/20
Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on a comparison of the level of traffic identified to or from an IP address related to the asset against a predetermined threshold. The notification may include a level of risk associated with the asset.
-
Publication (Announcement) No.: US20140075564A1
Publication (Announcement) Date: 2014-03-13
Application No.: US14116128
Filing Date: 2011-10-31
Applicants: Anurag Singla, Robert Block, Dhiraj Sharan, Dilraba Ibrahim
Inventors: Anurag Singla, Robert Block, Dhiraj Sharan, Dilraba Ibrahim
IPC Classification: H04L29/06
CPC Classification: H04L63/1433, H04L41/0893, H04L41/0896, H04L43/065, H04L43/16, H04L43/50, H04L63/0263, H04L63/20
Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on a comparison of the level of traffic identified to or from an IP address related to the asset against a predetermined threshold. The notification may include a level of risk associated with the asset.
-
Publication (Announcement) No.: US20140032535A1
Publication (Announcement) Date: 2014-01-30
Application No.: US14110333
Filing Date: 2011-04-29
Applicant: Anurag Singla
Inventor: Anurag Singla
IPC Classification: G06F17/30
CPC Classification: G06F17/30477, G06F17/30345, G06F17/30516, G06F21/552, H04L63/1408
Abstract: Systems and methods for in-memory processing of events are provided. A set of unique elements of a plurality of queries is determined. Each query is executed on a defined schedule and for a defined time duration. A plurality of events in an event stream is received. The events are filtered using the set of unique elements. For each query, a query result for each filtered event is determined. For each query, in-memory aggregation of the query results of the filtered events is provided.
-
Publication (Announcement) No.: US09646155B2
Publication (Announcement) Date: 2017-05-09
Application No.: US14239885
Filing Date: 2011-10-20
Applicants: Anurag Singla, Robert Block
Inventors: Anurag Singla, Robert Block
CPC Classification: G06F21/55, G06F11/3006, G06F11/3072, G06F21/552, G06F21/554, G06F2221/2107, G06F2221/2125, G06F2221/2151, H04L43/067, H04L63/1408, H04L63/1416
Abstract: Systems and methods for evaluation of events are provided. A user-specific reference baseline is provided that comprises a set of temporally-ordered sequences of events. An event of a sequence of events in a current session is received. A determination is made as to whether the event at least partially matches the reference baseline, using an attribute of the event and the temporal position of the event within the sequence of events in the current session.
-
Publication (Announcement) No.: US09106681B2
Publication (Announcement) Date: 2015-08-11
Application No.: US13716781
Filing Date: 2012-12-17
Applicants: Anurag Singla, Doron Keller
Inventors: Anurag Singla, Doron Keller
CPC Classification: H04L63/1408, G06F21/552, H04L63/1425, H04L63/1441, H04L63/20
Abstract: Example embodiments disclosed herein relate to determining a reputation of a network address. A long-term reputation of the network address is determined. A short-term reputation of the network address is determined based on the long-term reputation and trend information associated with the long-term reputation.
-
Publication (Announcement) No.: US20140165200A1
Publication (Announcement) Date: 2014-06-12
Application No.: US14131805
Filing Date: 2011-07-29
Applicant: Anurag Singla
Inventor: Anurag Singla
IPC Classification: H04L29/06
CPC Classification: H04L63/1416, G06F21/56, G06Q10/10
Abstract: Systems and methods for distributed rule-based correlation of events are provided. A notification of a partial match of a distributed rule by an event of a first subset of events is received. The notification includes a set of properties of the event of the first subset of events. The distributed rule is evaluated using the set of properties of the event of the first subset of events and a set of properties of an event of a second subset of events. A complete match of the rule is determined based on the evaluation, and a correlation event is generated.
-
Publication (Announcement) No.: US20130198168A1
Publication (Announcement) Date: 2013-08-01
Application No.: US13563506
Filing Date: 2012-07-31
Applicants: Wei Huang, Anurag Singla, Yanlin Wang, Dhiraj Sharan
Inventors: Wei Huang, Anurag Singla, Yanlin Wang, Dhiraj Sharan
IPC Classification: G06F17/30
CPC Classification: G06F16/245, G06F16/24542
Abstract: A data storage system includes a query manager to identify storage engines to execute a query. A first storage engine may execute a portion of the query on a row-oriented table, and a second storage engine may execute a second portion of the query on a column-oriented table.
-