公开(公告)号：US20170048261A1

公开(公告)日：2017-02-16

申请号：US15305615

申请日：2014-04-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Daniel Juergen Gmach ,  Alvin AuYoung ,  Robert Block ,  Jayaram Kallapalayam Radhakrishnan ,  Suranjan Pramanik ,  Julian James Stephen ,  Anurag Singla

IPC: H04L29/06

Abstract: In response to determining that an event matches a condition of a rule, a given one of a plurality of computing nodes is selected to send the event, based on one or both of an attribute of the event and an identifier of the rule. Information of the event is sent to the given computing node to perform correlation of the event with another event.

Abstract translation: 响应于确定事件与规则的条件匹配，基于事件的属性和规则的标识符中的一个或两个，选择多个计算节点中的给定的一个以发送事件。 将事件的信息发送给给定的计算节点，以执行事件与另一事件的相关性。

公开(公告)号：US10789367B2

公开(公告)日：2020-09-29

申请号：US15303771

申请日：2014-04-18

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Satheesh Kumar Joseph Durairaj ,  Anurag Singla

IPC: G06F21/57 ,  G06F21/55 ,  H04L29/06 ,  H04L12/26 ,  G06N3/04 ,  G06N3/08

Abstract: According to an example, pre-cognitive SIEM may include using trained classifiers to detect an anomaly in input events, and generating a predictive attack graph based on the detected anomaly in the input events. The predictive attack graph may provide an indication of different paths that can be taken from an asset that is related to the detected anomaly to compromise other selected assets in a network of the asset, and the other selected assets may be selected based on a ranking criterion and a complexity criterion. A rank list and a complexity list may be generated. The rank list, the complexity list, a depth of the predictive attack graph, and a weighted value may be used to generate a score that provides an indication of a number of assets that can be compromised and a difficulty of exploiting vulnerabilities related to services of the assets that can be compromised.

公开(公告)号：US10395049B2

公开(公告)日：2019-08-27

申请号：US15328024

申请日：2014-07-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Tomas Sander

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/44 ,  G06F21/46 ,  G06F21/50 ,  G06F21/57

Abstract: According to an example, conditional security indicator sharing may include analyzing a security indicator that is received from a first entity by a security indicator sharing platform for sharing with a second entity. A determination may be made as to whether to share the security indicator with a third entity based on a condition. In response to a determination that the security indicator is to be shared or not to be shared with the third entity based on the condition, the security indicator may be respectively shared with the third entity, or not shared with the third entity.

公开(公告)号：US10356109B2

公开(公告)日：2019-07-16

申请号：US15328018

申请日：2014-07-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Edward Ross ,  Brian Frederik Hosea Che Hein

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/57

Abstract: According to an example, security indicator linkage determination may include parsing input data that is used to determine a plurality of sequences of steps that are involved in attacks. A linkage selected from temporal, spatial, and/or behavioral linkages may be applied to the parsed input data to determine the plurality of sequences of steps. A security indicator that is related to a potential attack may be received. The plurality of sequences of steps may be used to determine whether the security indicator matches a step in one of the plurality of sequences of steps. In response to a determination that the security indicator matches a step in one of the plurality of sequences of steps, linkage between the security indicator and another security indicator from the one of the plurality of sequences of steps that are involved in the attacks may be identified.

公开(公告)号：US10289838B2

公开(公告)日：2019-05-14

申请号：US15116847

申请日：2014-02-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Tomas Sander ,  Edward Ross

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/57

Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables are received from providing entities. The information about the threat observables include at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).

公开(公告)号：US20160378978A1

公开(公告)日：2016-12-29

申请号：US15116847

申请日：2014-02-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Tomas Sander ,  Edward Ross

IPC: G06F21/55 ,  H04L29/06

CPC classification number: G06F21/55 ,  G06F21/554 ,  G06F21/577 ,  G06F2221/034 ,  G06F2221/2101 ,  H04L63/1433

Abstract: Example embodiments disclosed herein relate to determining threat scores for threat observables. Information about multiple threat observables are received from providing entities. The information about the threat observables include at least one attribute about a respective threat associated with the threat observable. Threat scores are determined for the respective threat observables for multiple entities. In one example, a first score of a first one of the threat observables is determined and is different than a second score of the first threat observable for a second entity based on a treatment of the attribute(s).

Abstract translation: 本文公开的示例性实施例涉及确定威胁可观测量的威胁分数。 从提供实体收到有关多个威胁可观测资料的信息。 关于可观察威胁的信息包括关于与可观察威胁相关联的相应威胁的至少一个属性。 威胁分数是针对多个实体的相应威胁可观察量确定的。 在一个示例中，确定威胁可观测器中的第一个的第一分数，并且不同于基于对该属性的处理的第二实体可观察到的第一威胁的第二分数。

公开(公告)号：US20160212165A1

公开(公告)日：2016-07-21

申请号：US14914122

申请日：2013-09-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Monica Jain

IPC: H04L29/06 ,  G06F3/0484

CPC classification number: H04L63/1433 ,  G06F3/04847 ,  G06F21/577

Abstract: A device for providing hierarchical threat intelligence includes a non-transitory machine-readable storage medium storing instructions that cause the device to receive, a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information, determine a first threat scores for a first entity based on a first subset of the calculated threat scores, determine a second threat score for a second entity based on a second subset of the calculated threat scores, receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices, and update the first threat score based on the update information.

Abstract translation: 用于提供分级威胁智能的装置包括存储导致设备接收多个威胁评估的多个威胁管理设备的多个计算的威胁分数的非暂时性机器可读存储介质，其中威胁分数分别与上下文信息相关联 基于所计算的威胁分数的第一子集确定第一实体的第一威胁分数，基于所计算的威胁分数的第二子集来确定第二实体的第二威胁分数，接收所计算的威胁分数之一的更新信息 来自威胁管理设备的监听者的第一子集的分数，并且基于更新信息来更新第一威胁分数。

公开(公告)号：US10419457B2

公开(公告)日：2019-09-17

申请号：US15305615

申请日：2014-04-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Daniel Juergen Gmach ,  Alvin AuYoung ,  Robert Block ,  Jayaram Kallapalayam Radhakrishnan ,  Suranjan Pramanik ,  Julian James Stephen ,  Anurag Singla

IPC: H04L29/06 ,  G06K9/00

Abstract: In response to determining that an event matches a condition of a rule, a given one of a plurality of computing nodes is selected to send the event, based on one or both of an attribute of the event and an identifier of the rule. Information of the event is sent to the given computing node to perform correlation of the event with another event.

公开(公告)号：US10104112B2

公开(公告)日：2018-10-16

申请号：US15116912

申请日：2014-04-18

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla ,  Tomas Sander ,  Edward Ross

IPC: H04L29/00 ,  H04L29/06 ,  G06F21/55

Abstract: Example embodiments disclosed herein relate to update a rating of threat submitters. Information is received of threat observables from threat submitters. Information about the threat observables is provided to one or more entities. Feedback about a threat observable is received from one of the entities. A rating of the threat submitter associated with the feedback is updated.

公开(公告)号：US20160269431A1

公开(公告)日：2016-09-15

申请号：US15031503

申请日：2014-01-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Anurag Singla

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/55

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/2115 ,  H04L63/1416

Abstract: A method and system for providing predictive analytics which include calculating forecast trend curves utilizing historical events, determining which of the forecast trend curves best fit the historical events to form a first best fit forecast trend curve, comparing predicted events from the first best fit forecast trend curve with real-time events, based on the real-time security events deviating from the first best fit forecast trend curve by a threshold amount, calculating additional forecast trend curves utilizing the real-time events, and determining which of the forecast trend curves and first best fit forecast trend curve best fits the real-time events to form a second best fit forecast trend curve.

Abstract translation: 一种用于提供预测分析的方法和系统，其包括利用历史事件计算预测趋势曲线，确定哪些预测趋势曲线最适合历史事件以形成第一最佳拟合预测趋势曲线，比较来自第一最佳拟合预测趋势的预测事件 曲线与实时事件，基于偏离第一最佳拟合预测趋势曲线阈值量的实时安全事件，使用实时事件计算额外的预测趋势曲线，并确定预测趋势曲线和 第一最佳拟合预测趋势曲线最适合实时事件形成第二最佳拟合预测趋势曲线。