-
Publication (Announcement) No.: US20170295196A1
Publication (Announcement) Date: 2017-10-12
Application No.: US15505820
Application Date: 2015-04-10
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Simon Ian ARNELL, Marco CASASSA MONT, David Andrew GRAVES, Edward REYNOLDS, Niall Lawrence SAUNDERS
Abstract: Examples relate to detecting network anomalies. In one example, a computing device may: receive, from each of a plurality of packet capture devices of a private network, domain name system (DNS) query packets that were sent by a particular client computing device operating on the private network, each DNS query packet specifying i) a destination DNS server, ii) a query domain name, and iii) a source address that specifies the particular client computing device; provide at least one of the DNS query packets to a DNS traffic analyzer that is trained to identify DNS anomalies based on characteristics of the DNS query packets; receive anomaly output from the DNS traffic analyzer, the anomaly output indicating a DNS anomaly that was identified for the DNS query packets; and in response to receiving the anomaly output, provide a user device with data specifying the identified DNS anomaly.
-
Publication (Announcement) No.: US20180337943A1
Publication (Announcement) Date: 2018-11-22
Application No.: US15777185
Application Date: 2015-11-17
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Simon Ian ARNELL, Marco CASASSA MONT, Yolanta BERESNA, Theofrastos KOULOURIS, Jon POTTER
Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.
-