公开(公告)号：US10884891B2

公开(公告)日：2021-01-05

申请号：US15325847

申请日：2014-12-11

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Morad Awad ,  Gil Elgrably ,  Mani Fischer ,  Renato Keshet ,  Mike Krohn ,  Alina Maor ,  Ron Maurer ,  Igor Nor ,  Olga Shain ,  Doron Shaked

IPC: G06F17/00 ,  G06F11/34 ,  G06F17/18 ,  G06F17/40 ,  G06K9/00 ,  G06K9/62 ,  G06F11/30 ,  G06F16/2455 ,  G06F3/0484

Abstract: Interactive detection of system anomalies is disclosed. One example is a system including a data processor, an anomaly processor, and an interaction processor. Input data related to a series of events and telemetry measurements is received by the data processor. The anomaly processor detects presence of a system anomaly in the input data, the system anomaly indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements. The interaction processor is communicatively linked to the anomaly processor and to an interactive graphical user interface. The interaction processor displays, via the interactive graphical user interface, an output data stream based on the presence of the system anomaly, receives, from the interactive graphical user interface, feedback data associated with the output data stream, and provides the feedback data to the anomaly processor for operations analytics based on the feedback data.

公开(公告)号：US20180152468A1

公开(公告)日：2018-05-31

申请号：US15568280

申请日：2015-05-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Igor Nor ,  Eyal Hayun ,  Omer Barkol

IPC: H04L29/06 ,  H04L29/12 ,  H04L12/26 ,  H04L12/24

Abstract: Certain described examples are directed towards analyzing network data. The network data is processed to generate a graph data structure that has edges that are associated with communication times from the network data and nodes that are associated with computer devices. Representations of the graph data structure are generated over time. Given an indication of at least a computing device, for example as involved in anomalous activity or a security incident, the representations of the graph data structure may be used to determine further associated computer devices that are associated with the indicated device.

公开(公告)号：US20180091359A1

公开(公告)日：2018-03-29

申请号：US15280940

申请日：2016-09-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Gal Alon ,  Doron Shaked ,  Igor Giller ,  Marina Lyan ,  Ron Maurer ,  Noam Fraenkel ,  Igor Nor ,  Yair Horovitz

IPC: H04L12/24

CPC classification number: H04L41/069 ,  G06F3/04182 ,  H04L41/12

Abstract: In some examples, a first pair of parameters in respective first and second log message streams associated with respective first and second source components and a second pair of parameters in the respective first and second log message streams may be identified. The first pair may be identical and the second pair may be identical. It may be determined that first pair of parameters was simultaneously generated and that the second pair of parameters was simultaneously generated in the first and in the second log message streams. A linkage score may be determined between the first and the second source components. The linkage score may be based on the determination that each of the respective first and the second pairs of parameters was simultaneously generated. It may be determined that that the first and second source components are topologically linked based on the linkage score.

公开(公告)号：US10530640B2

公开(公告)日：2020-01-07

申请号：US15280940

申请日：2016-09-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Gal Alon ,  Doron Shaked ,  Igor Giller ,  Marina Lyan ,  Ron Maurer ,  Noam Fraenkel ,  Igor Nor ,  Yair Horovitz

IPC: H04L12/24 ,  G06F3/041

Abstract: In some examples, a first pair of parameters in respective first and second log message streams associated with respective first and second source components and a second pair of parameters in the respective first and second log message streams may be identified. The first pair may be identical and the second pair may be identical. It may be determined that first pair of parameters was simultaneously generated and that the second pair of parameters was simultaneously generated in the first and in the second log message streams. A linkage score may be determined between the first and the second source components. The linkage score may be based on the determination that each of the respective first and the second pairs of parameters was simultaneously generated. It may be determined that that the first and second source components are topologically linked based on the linkage score.

公开(公告)号：US20170192872A1

公开(公告)日：2017-07-06

申请号：US15325847

申请日：2014-12-11

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Morad Awad ,  Gil Elgrably ,  Mani Fischer ,  Renato Keshet ,  Mike Krohn ,  Alina Maor ,  Ron Maurer ,  Igor Nor ,  Olga Shain ,  Doron Shaked

IPC: G06F11/34 ,  G06F17/18

CPC classification number: G06F11/3476 ,  G06F3/04842 ,  G06F11/3072 ,  G06F11/3452 ,  G06F16/24568 ,  G06F17/18 ,  G06F17/40 ,  G06F2201/86 ,  G06K9/00543 ,  G06K9/6284

Abstract: Interactive detection of system anomalies is disclosed. One example is a system including a data processor, an anomaly processor, and an interaction processor. Input data related to a series of events and telemetry measurements is received by the data processor. The anomaly processor detects presence of a system anomaly in the input data, the system anomaly indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements. The interaction processor is communicatively linked to the anomaly processor and to an interactive graphical user interface. The interaction processor displays, via the interactive graphical user interface, an output data stream based on the presence of the system anomaly, receives, from the interactive graphical user interface, feedback data associated with the output data stream, and provides the feedback data to the anomaly processor for operations analytics based on the feedback data.

公开(公告)号：US10791131B2

公开(公告)日：2020-09-29

申请号：US15568280

申请日：2015-05-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Eyal Hayun ,  Omer Barkol

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  H04L29/12

Abstract: Certain described examples are directed towards analyzing network data. The network data is processed to generate a graph data structure that has edges that are associated with communication times from the network data and nodes that are associated with computer devices. Representations of the graph data structure are generated over time. Given an indication of at least a computing device, for example as involved in anomalous activity or a security incident, the representations of the graph data structure may be used to determine further associated computer devices that are associated with the indicated device.

公开(公告)号：US10540360B2

公开(公告)日：2020-01-21

申请号：US15223271

申请日：2016-07-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Sagi Schein ,  Omer Barkol ,  Eyal Hayun

IPC: G06F17/30 ,  G06F16/2458 ,  H04L12/24 ,  G06F16/248 ,  G06F16/901

Abstract: A method, a computing system, and a non-transitory machine readable storage medium containing instructions for identifying relationships between entities are provided. In an example, the method includes receiving a query. The query specifies a first computing entity, a second computing entity, and a window of time. A data structure is queried based on the query to identify a set of relationship instances each corresponding to a relationship between the first computing entity and the second computing entity during the window of time. A representation of the first computing entity, the second computing entity, and the set of relationship instances is provided at a user interface.

公开(公告)号：US20180032588A1

公开(公告)日：2018-02-01

申请号：US15223271

申请日：2016-07-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Igor Nor ,  Sagi Schein ,  Omer Barkol ,  Eyal Hayun

IPC: G06F17/30 ,  H04L12/24

Abstract: A method, a computing system, and a non-transitory machine readable storage medium containing instructions for identifying relationships between entities are provided. In an example, the method includes receiving a query. The query specifies a first computing entity, a second computing entity, and a window of time. A data structure is queried based on the query to identify a set of relationship instances each corresponding to a relationship between the first computing entity and the second computing entity during the window of time. A representation of the first computing entity, the second computing entity, and the set of relationship instances is provided at a user interface.

公开(公告)号：US20170154107A1

公开(公告)日：2017-06-01

申请号：US15325807

申请日：2014-12-11

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Morad Awad ,  Gil Elgrably ,  Mani Fischer ,  Renato Keshet ,  Mike Krohn ,  Alina Maor ,  Ron Maurer ,  Igor Nor ,  Olga Shain ,  Doron Shaked

IPC: G06F17/30

CPC classification number: G06F16/345 ,  G06F16/35 ,  G06F16/36

Abstract: Determining term scores based on a modified inverse domain frequency is disclosed. One example is a system including a data processing engine, an evaluator, and a data analytics module. The data processing engine identifies a key term associated with a system, and a sub-plurality of a plurality of documents, the sub-plurality of documents associated with the event. The evaluator determines, based on the presence or absence of the key term, a first distribution related to the sub-plurality of documents, and a second distribution related to the plurality of documents, and evaluates, for the key term, a term score based on the first distribution and the second distribution, the term score indicative of a modified inverse domain frequency based on the sub-plurality of documents. The data analytics module includes the key term in a word cloud when the term score for the key term satisfies a threshold.