2. Tracking Changing State Data to Assist in Computer Network Security
    Published patent application (in force)

    Publication number: US20080104046A1

    Publication date: 2008-05-01

    Application number: US11923502

    Filing date: 2007-10-24

    IPC classification: G06F17/30

    Abstract: A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes the set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.

3. FIELD SELECTION FOR PATTERN DISCOVERY
    Published patent application (in force)

    Publication number: US20150135263A1

    Publication date: 2015-05-14

    Application number: US14398003

    Filing date: 2012-05-30

    IPC classification: H04L29/06 G06F17/30

    Abstract: Fields are determined for pattern discovery in event data. Cardinality and repetitiveness statistics are determined for the fields of the event data. A set of the fields is selected based on the cardinality and repetitiveness of the fields. The selected fields may be included in a pattern discovery profile.

4. Systems and methods for distributed rule-based correlation of events
    Granted invention patent (in force)

    Publication number: US09571508B2

    Publication date: 2017-02-14

    Application number: US14131805

    Filing date: 2011-07-29

    Applicant: Anurag Singla

    Inventor: Anurag Singla

    IPC classification: H04L29/06 G06F21/56 G06Q10/10

    Abstract: Systems and methods for distributed rule-based correlation of events are provided. A notification of a partial match of a distributed rule by an event of a first subset of events is received. The notification includes a set of properties of the event of the first subset of events. The distributed rule is evaluated using the set of properties of the event of the first subset of events and a set of properties of an event of a second subset of events. A complete match of the rule is determined based on the evaluation, and a correlation event is generated.

5. Network asset information management
    Granted invention patent (in force)

    Publication number: US09438616B2

    Publication date: 2016-09-06

    Application number: US14116128

    Filing date: 2011-10-31

    IPC classification: H04L29/06 H04L12/24 H04L12/26

    Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on a comparison of the level of traffic observed to or from an IP address related to the asset against a predetermined threshold. The notification may include a level of risk associated with the asset.

6. NETWORK ASSET INFORMATION MANAGEMENT
    Published patent application (in force)

    Publication number: US20140075564A1

    Publication date: 2014-03-13

    Application number: US14116128

    Filing date: 2011-10-31

    IPC classification: H04L29/06

    Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on a comparison of the level of traffic observed to or from an IP address related to the asset against a predetermined threshold. The notification may include a level of risk associated with the asset.

7. SYSTEMS AND METHODS FOR IN-MEMORY PROCESSING OF EVENTS
    Published patent application (in force)

    Publication number: US20140032535A1

    Publication date: 2014-01-30

    Application number: US14110333

    Filing date: 2011-04-29

    Applicant: Anurag Singla

    Inventor: Anurag Singla

    IPC classification: G06F17/30

    Abstract: Systems and methods for in-memory processing of events are provided. A set of unique elements of a plurality of queries is determined. Each query is executed on a defined schedule and for a defined time duration. A plurality of events in an event stream is received. The events are filtered using the set of unique elements. For each query, a query result for each filtered event is determined. For each query, in-memory aggregation of the query results of the filtered events is provided.

8. Systems and Methods for Detecting Novel Behaviors Using Model Sharing

    Publication number: US20230044470A1

    Publication date: 2023-02-09

    Application number: US17397568

    Filing date: 2021-08-09

    Applicant: Anurag Singla

    Inventor: Anurag Singla

    IPC classification: H04L29/06 G06K9/62 G06N20/00

    Abstract: According to an example, an autonomous normal and novel behavior sharing apparatus may receive one or more novel behavior baseline models and one or more normal behavior baseline models from a first entity for sharing with a second entity and a subset of other entities; share the received models with the second entity and the subset of other entities; receive one or more novel behavior baseline models and one or more normal behavior baseline models from other entities for sharing with the first entity and a subset of other entities; share the received models with the first entity and the subset of other entities; receive an effectiveness factor for the shared models from the entities that received those models; score the models based on the effectiveness factors received from a plurality of entities; and prioritize sharing of the models based on their scores.

9. Systems and methods for in-memory processing of events
    Granted invention patent (in force)

    Publication number: US09355148B2

    Publication date: 2016-05-31

    Application number: US14110333

    Filing date: 2011-04-29

    Applicant: Anurag Singla

    Inventor: Anurag Singla

    IPC classification: G06F17/30 G06F21/55 H04L29/06

    Abstract: Systems and methods for in-memory processing of events are provided. A set of unique elements of a plurality of queries is determined. Each query is executed on a defined schedule and for a defined time duration. A plurality of events in an event stream is received. The events are filtered using the set of unique elements. For each query, a query result for each filtered event is determined. For each query, in-memory aggregation of the query results of the filtered events is provided.

10. PARAMETER ADJUSTMENT FOR PATTERN DISCOVERY
    Published patent application (in force)

    Publication number: US20150106922A1

    Publication date: 2015-04-16

    Application number: US14398017

    Filing date: 2012-05-30

    IPC classification: H04L29/06 H04L12/26

    CPC classification: H04L63/1408 H04L43/04

    Abstract: Pattern discovery performed on event data may include selecting an initial set of parameters for the pattern discovery. The parameters may specify conditions for identifying a pattern in the event data. A pattern discovery run is executed on the event data based on the initial set of parameters, and a parameter may be adjusted based on the output of the pattern discovery run.