公开(公告)号：US10296739B2

公开(公告)日：2019-05-21

申请号：US14773983

申请日：2013-03-11

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Anurag Singla ,  Robert Block ,  Suranjan Pramanik

IPC: H04L29/06 ,  G06F21/55

Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.

公开(公告)号：US20160191352A1

公开(公告)日：2016-06-30

申请号：US14846502

申请日：2015-09-04

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Anurag Singla ,  Robert Block ,  Dhiraj Sharan ,  Dilraba Ibrahim

IPC: H04L12/26

CPC classification number: H04L63/1433 ,  H04L41/0893 ,  H04L41/0896 ,  H04L43/065 ,  H04L43/16 ,  H04L43/50 ,  H04L63/0263 ,  H04L63/20

Abstract: A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on comparison of a level of traffic identified to or from an IP address related to the asset to a predetermined threshold. The notification may include a level of risk associated with the asset.

Abstract translation: 网络资产信息管理系统（101）可以包括资产确定和事件优先化模块（105），用于基于涉及资产的网络活动（102）生成实时资产信息。 规则模块（109）可以包括用于监视涉及资产的网络活动的一组规则。 信息分析模块（110）可以评估实时资产信息和规则以生成与资产相关的通知（111）。 基于与资产相关的IP地址识别的流量与预定阈值的比较来确定与资产相关联的漏洞和风险的规则。 通知可能包括与资产相关的风险级别。

公开(公告)号：US20160019388A1

公开(公告)日：2016-01-21

申请号：US14773983

申请日：2013-03-11

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Anurag Singla ,  Robert Block ,  Suranjan Pramanik

IPC: G06F21/55

CPC classification number: G06F21/552

Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.

Abstract translation: 根据示例，可以应用置信因子函数来确定用于关联事件的规则的条件的置信因子。 置信因子可以是事件或一组事件是否满足规则中的条件的近似。 可以将置信因子与阈值进行比较，以确定条件是否满足。

公开(公告)号：US10013318B2

公开(公告)日：2018-07-03

申请号：US14783175

申请日：2013-04-16

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Robert Block ,  Anurag Singla

IPC: G06F11/00 ,  G06F11/20 ,  H04L29/06 ,  G06F21/55 ,  H04L12/24 ,  G06F11/07 ,  G06F17/40

CPC classification number: G06F11/2002 ,  G06F11/0709 ,  G06F11/079 ,  G06F11/2046 ,  G06F11/2097 ,  G06F17/40 ,  G06F21/554 ,  G06F2201/805 ,  H04L41/065 ,  H04L41/0659 ,  H04L41/0686 ,  H04L63/1416

Abstract: According to an example, a master node is to divide an event field in events into partitions including ordered contiguous blocks of values for the event field. Each partition may be assigned to a pair of cluster nodes. A partition map is determined from the partitions and may identify for each partition, the block of the event field values for the partition, a primary cluster node, and a failover cluster node for the primary cluster node.

公开(公告)号：US20160034361A1

公开(公告)日：2016-02-04

申请号：US14783175

申请日：2013-04-16

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Robert Block ,  Anurag Singla

IPC: G06F11/20 ,  G06F11/07

CPC classification number: G06F11/2002 ,  G06F11/0709 ,  G06F11/079 ,  G06F11/2046 ,  G06F11/2097 ,  G06F17/40 ,  G06F21/554 ,  G06F2201/805 ,  H04L41/065 ,  H04L41/0659 ,  H04L41/0686 ,  H04L63/1416

Abstract: According to an example, a master node is to divide an event field in events into partitions including ordered contiguous blocks of values for the event field. Each partition may be assigned to a pair of cluster nodes. A partition map is determined from the partitions and may identify for each partition, the block of the event field values for the partition, a primary cluster node, and a failover cluster node for the primary cluster node.

Abstract translation: 根据一个示例，主节点是将事件中的事件字段划分为包括事件字段的有序连续的值块。 每个分区可以分配给一对群集节点。 从分区确定分区映射，并且可以为每个分区识别主集群节点的分区，主集群节点和故障转移群集节点的事件字段值块。