-
Publication number: US11188642B2
Publication date: 2021-11-30
Application number: US14763190
Filing date: 2013-01-28
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Adam Brody
Abstract: A system and method for displaying a number of real-time security events comprises a number of client devices and an administrator device communicatively coupled to the client devices. The administrator device may comprise a preferences module and an event rate adapter module communicatively coupled to the preferences module. The preferences module receives input describing how to display a number of security events on the screen of a graphical user interface, and the event rate adapter module displays a number of real-time scrolling security events for a relatively longer period of time than other security events.
-
Publication number: US20160019388A1
Publication date: 2016-01-21
Application number: US14773983
Filing date: 2013-03-11
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Robert Block, Suranjan Pramanik
IPC: G06F21/55
CPC classification number: G06F21/552
Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.
-
Publication number: US20140173723A1
Publication date: 2014-06-19
Application number: US13716781
Filing date: 2012-12-17
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Doron Keller
IPC: G06F21/55
CPC classification number: H04L63/1408, G06F21/552, H04L63/1425, H04L63/1441, H04L63/20
Abstract: Example embodiments disclosed herein relate to determining a reputation of a network address. A long-term reputation of the network address is determined. A short-term reputation of the network address is determined based on the long-term reputation and trend information associated with the long-term reputation.
-
Publication number: US10296739B2
Publication date: 2019-05-21
Application number: US14773983
Filing date: 2013-03-11
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Robert Block, Suranjan Pramanik
Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.
-
Publication number: US20160191352A1
Publication date: 2016-06-30
Application number: US14846502
Filing date: 2015-09-04
Applicant: Hewlett-Packard Development Company, L.P.
Inventor: Anurag Singla, Robert Block, Dhiraj Sharan, Dilraba Ibrahim
IPC: H04L12/26
CPC classification number: H04L63/1433, H04L41/0893, H04L41/0896, H04L43/065, H04L43/16, H04L43/50, H04L63/0263, H04L63/20
Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on comparison of a level of traffic identified to or from an IP address related to the asset to a predetermined threshold. The notification may include a level of risk associated with the asset.
-
Publication number: US09830451B2
Publication date: 2017-11-28
Application number: US14647833
Filing date: 2012-11-30
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Zhipeng Zhao, Fei Gao
CPC classification number: G06F21/552, G06F21/55, G06F21/554, G06F21/56, G06F2221/034, H04L63/1425, H04L63/1433
Abstract: Example embodiments disclosed herein relate to distributed pattern discovery. A local frequent pattern tree or local frequent pattern trees can be merged. The merging can be based on activities or transactions associated with the local frequent pattern tree or trees.
-
Publication number: US20150324581A1
Publication date: 2015-11-12
Application number: US14763190
Filing date: 2013-01-28
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Adam Brody
CPC classification number: G06F21/552, G06F11/32, G06F2201/86, G06F2221/034, H04L41/22, H04L67/42
Abstract: A system and method for displaying a number of real-time security events comprises a number of client devices and an administrator device communicatively coupled to the client devices. The administrator device may comprise a preferences module and an event rate adapter module communicatively coupled to the preferences module. The preferences module receives input describing how to display a number of security events on the screen of a graphical user interface, and the event rate adapter module displays a number of real-time scrolling security events for a relatively longer period of time than other security events.
-
Publication number: US20140215616A1
Publication date: 2014-07-31
Application number: US13755007
Filing date: 2013-01-31
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Sandeep N. Bhatt, Tomas Sander, Anurag Singla
IPC: G06F21/55
CPC classification number: H04L63/1441, G06F21/554, H04L63/1408, H04L63/1416, H04L63/145, H04L63/1466
Abstract: Systems, methods, and machine-readable and executable instructions are provided for attack notification. Attack notification can include receiving security-related data from a number of computing devices that are associated with a number of entities through a communication link and analyzing a first portion of the security-related data that is associated with a first entity from the number of entities to determine whether the first entity has experienced an attack. Attack notification can include analyzing a second portion of the security-related data that is associated with a second entity from the number of entities and the first portion of the security-related data that is associated with the first entity to determine whether the second entity is experiencing the attack. Attack notification can include notifying, through the communication link, the second entity that the second entity is experiencing the attack if it is determined that the second entity is experiencing the attack.
-
Publication number: US10104109B2
Publication date: 2018-10-16
Application number: US14914122
Filing date: 2013-09-30
Applicant: HEWLETT PACKARD DEVELOPMENT COMPANY, L.P.
Inventor: Anurag Singla, Monica Jain
IPC: H04L29/06, G06F21/57, G06F3/0484
Abstract: A device for providing hierarchical threat intelligence includes a non-transitory machine-readable storage medium storing instructions that cause the device to receive a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information, determine a first threat score for a first entity based on a first subset of the calculated threat scores, determine a second threat score for a second entity based on a second subset of the calculated threat scores, receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices, and update the first threat score based on the update information.
-
Publication number: US20150371044A1
Publication date: 2015-12-24
Application number: US14764670
Filing date: 2013-01-31
Applicant: Hewlett-Packard Development Company, L.P.
Inventor: William Horne, Tomas Sander, Krishnamurthy Viswanathan, Siva Raj Rajagopalan, Anurag Singla
CPC classification number: G06F21/57, G06F21/577, G06F2221/034, H04L63/1408, H04L63/20
Abstract: Providing a targeted security alert can include collecting participant data from a plurality of participants within a threat exchange community, calculating, using a threat exchange server, a threat relevancy score of a participant among the plurality of participants within the threat exchange community using the collected participant data, and providing, from the threat exchange server to the participant, the targeted security alert based on the calculated threat relevancy score via a communication link within the threat exchange community.