-
Publication No.: US20240314157A1
Publication date: 2024-09-19
Application No.: US18123265
Filing date: 2023-03-18
Applicant: MICRO FOCUS LLC
IPC classification: H04L9/40
CPC classification: H04L63/1433, H04L63/1416, H04L63/1425
Abstract: An event profile corresponding to a data source at a target system is determined. The event profile includes, for each of a number of fields, a percentage of events that after processing by the data source include data in that event field. A reference event profile is determined that includes, for each of the event fields, a reference percentage. The event profile is compared to the reference event profile. Whether the data source properly processed the events is determined based on comparison of the event profile to the reference event profile.
-
Publication No.: US20230353586A1
Publication date: 2023-11-02
Application No.: US17731720
Filing date: 2022-04-28
Applicant: MICRO FOCUS LLC
CPC classification: H04L63/1425, H04L63/205, G06T11/206
Abstract: For each item represented within log events that have a power law-oriented distribution, first and second metrics for the item are computed based on the log events which pertain to the item. The items are organized over bins according to the first metric. The bins correspond to different ranges of the first metric. For each bin, the items in the bin are ordered according to the second metric. A plot of the bins over which the items have been organized according to the first metric, is graphically displayed, which includes displaying, for each bin, the items in the bin as have been ordered according to the second metric.
-
Publication No.: US20230171268A1
Publication date: 2023-06-01
Application No.: US17538278
Filing date: 2021-11-30
Applicant: MICRO FOCUS LLC
IPC classification: H04L9/40
CPC classification: H04L63/1416, H04L63/20, H04L63/1425, H04L63/145, H04L63/0263
Abstract: A security rule associated with an application is identified. This may be done continuously and verified using machine learning models to ensure that the environment characterized by the data has not changed. For example, a security rule may be which ports are open/closed on a firewall. In response to identifying the security rule associated with the application, a security test based on the security rule is generated. For example, the security test may be to test all the ports on the firewall to see which ports are open/closed. The security test against the application is executed to determine if the security rule has been implemented properly by the application.
-
Publication No.: US20230032678A1
Publication date: 2023-02-02
Application No.: US17389247
Filing date: 2021-07-29
Applicant: MICRO FOCUS LLC
Inventors: Manish Marwah, Martin Arlitt
Abstract: Log entries and baseline log entries have timestamps, and can be structured over columns of respective data types. Temporal inconsistency can be identified by comparing a probability distribution of time differences between the timestamps of the log entries with a probability distribution of time differences between the timestamps of the baseline log entries. Data type inconsistency can be identified by comparing a data type of each column of the log entries with a data type of a corresponding column of the baseline log entries. Columnar inconsistency can be identified by comparing a number of the columns of the log entries with a number of the columns of the baseline log entries. In response to identification of temporal, data type, and/or columnar inconsistency, that an abnormality exists in collecting the log entries is detected.
-
Publication No.: US11463331B1
Publication date: 2022-10-04
Application No.: US17332289
Filing date: 2021-05-27
Applicant: MICRO FOCUS LLC
Inventors: Martin Arlitt, Mijung Kim, Manish Marwah
IPC classification: G06F15/173, H04L43/028, H04L43/0817, H04L43/067, H04L43/106
Abstract: Network communication events are filtered to remove the network communication events having a predicted unrelatedness to beaconing. Each network communication event has a timestamp, a source entity, and a destination entity. The filtered network communication events are aggregated by unique source entity-destination entity pairs. For each unique source entity-destination entity pair, the network communication events are timestamp-sorted, time differentials between the timestamps of adjacent network communication events are calculated, and a beacon likelihood metric is calculated from the calculated time differentials. Which of the unique source entity-destination entity pairs are indicative of beaconing are identified based on the beacon likelihood metric calculated for each unique source entity-destination entity pair.
-
Publication No.: US11178011B1
Publication date: 2021-11-16
Application No.: US16931204
Filing date: 2020-07-16
Applicant: MICRO FOCUS LLC
Inventors: Manish Marwah, Martin Arlitt
IPC classification: H04L12/24, G06F16/901, G06K9/62
Abstract: According to examples, an apparatus may include a memory on which is stored instructions that when executed by a processor, cause the processor to extract, from network traffic data, a connectivity matrix that identifies connectivity data between entities and group the entities into a plurality of clusters based on the extracted connectivity matrix. The processor may also, for each cluster of the plurality of clusters, identify at least one representative entity that is to represent the entities in the cluster and output the identified at least one representative entity for identification of group behaviors of the entities in the plurality of clusters, in which the identified group behaviors are to be used for information technology management.
-
Publication No.: US20240267307A1
Publication date: 2024-08-08
Application No.: US18165860
Filing date: 2023-02-07
Applicant: MICRO FOCUS LLC
IPC classification: H04L43/026, G06V20/40, H04L43/028, H04L65/61
CPC classification: H04L43/026, G06V20/41, G06V20/47, H04L43/028, H04L65/61
Abstract: A plurality of captured packets are received. The plurality of captured packets are from a plurality of packet flows. A packet flow is a communication session between two devices. For example, a packet flow may be a communication session between a client and a server. The plurality of captured packets are sorted into individual packet flows. The individual packet flows are converted into individual videos. For example, each packet from each packet flow is stored as a separate video frame in an individual video. A machine learning algorithm is applied to the individual videos to perform analytic tasks on the individual videos. For example, the machine learning algorithm may be used to identify anomalies within a packet flow and/or between packet flows.
-
Publication No.: US12056090B1
Publication date: 2024-08-06
Application No.: US18315335
Filing date: 2023-05-10
Applicant: MICRO FOCUS LLC
CPC classification: G06F16/1734, G06F16/13, G06F16/16
Abstract: Embodiments of the disclosure provide systems and methods for analyzing log files. Automated processing of log files can comprise reading a log file generated during execution of an application and comprising a plurality of log events and generating a plurality of templates based on the plurality of log events in the log file. Each template can map a log event to a candidate value for the log event. The plurality of log events can be aggregated into a plurality of groups based on the candidate value mapped to each log event in the plurality of templates and the plurality of groups of log events can be ranked. The log file can be partitioned based on the ranking of the plurality of groups of log events and one or more groups of log events can be provided to an analysis process based on the partitioning of the log file.
-
Publication No.: US11461590B2
Publication date: 2022-10-04
Application No.: US16442296
Filing date: 2019-06-14
Applicant: MICRO FOCUS LLC
Inventors: Manish Marwah, Andrey Simanovsky
Abstract: According to examples, an apparatus may include a processor and a non-transitory computer readable medium on which is stored machine readable instructions that may cause the processor to identify Internet protocol (IP) addresses and connection attributes associated with the IP addresses. The instructions may also cause the processor to train a machine learning model using the IP addresses as inputs to the machine learning model and connection contexts as outputs of the machine learning model. The machine learning model may learn a first weight matrix corresponding to the IP addresses and a second weight matrix corresponding to the connection contexts. In addition, the connection contexts may be concatenations of the connection attributes associated with a corresponding IP address.
-
Publication No.: US12032683B2
Publication date: 2024-07-09
Application No.: US17389247
Filing date: 2021-07-29
Applicant: MICRO FOCUS LLC
Inventors: Manish Marwah, Martin Arlitt
CPC classification: G06F21/54, G06F21/552, G06F21/554, G06F21/577, G06N20/00
Abstract: Log entries and baseline log entries have timestamps, and can be structured over columns of respective data types. Temporal inconsistency can be identified by comparing a probability distribution of time differences between the timestamps of the log entries with a probability distribution of time differences between the timestamps of the baseline log entries. Data type inconsistency can be identified by comparing a data type of each column of the log entries with a data type of a corresponding column of the baseline log entries. Columnar inconsistency can be identified by comparing a number of the columns of the log entries with a number of the columns of the baseline log entries. In response to identification of temporal, data type, and/or columnar inconsistency, that an abnormality exists in collecting the log entries is detected.