Abstract:
Systems and methods for distributed rule-based correlation of events are provided. A notification of a partial match of a distributed rule by an event of a first subset of events is received. The notification includes a set of properties of the event of the first subset of events. The distributed rule is evaluated using the set of properties of the event of the first subset of events and a set of properties of an event of a second subset of events. A complete match of the rule is determined based on the evaluation, and a correlation event is generated.
Abstract:
A drill down manager system may include an introspect module to determine fields for visual components, and a mappings module to map a drill down to a visual component based on the fields and data outputs for the drill down. The system may present the data outputs for the drill down in the visual component mapped to the drill down.
Abstract:
Systems and methods for evaluation of events are provided. A user-specific reference baseline comprises a set of temporally ordered sequences of events. An event of a sequence of events in a current session is received. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.
Abstract:
A network asset information management system (101) may include an asset determination and event prioritization module (105) to generate real-time asset information based on network activity involving an asset (102). A rules module (109) may include a set of rules for monitoring the network activity involving the asset. An information analysis module (110) may evaluate the real-time asset information and the rules to generate a notification (111) related to the asset. The rules may include rules for determining vulnerabilities and risks associated with the asset based on comparison of a level of traffic identified to or from an IP address related to the asset to a predetermined threshold. The notification may include a level of risk associated with the asset.
Abstract:
A process includes analyzing events reported by computing devices on a network to recognize patterns of events that occurred on the network, and sharing information concerning the detected patterns with a community. The process may also use consolidated information on the patterns to select one or more of the patterns for analysis that identifies whether the selected patterns result from malicious activity. The consolidated information includes information on the patterns detected on the network and information concerning corresponding patterns of events that occurred elsewhere.
Abstract:
Fields are determined for pattern discovery in event data. Cardinality and repetitiveness statistics are determined for fields of event data. A set of the fields is selected based on the cardinality and repetitiveness of the fields. The fields may be included in a pattern discovery profile.
Abstract:
Systems and methods for merging partially aggregated query results are provided. A partially aggregated query result is determined. Each query of a plurality of queries is executed on a plurality of events at a defined schedule and a time duration. A key and a value of the partially aggregated query result are identified. It is determined whether a function for the partially aggregated query result is identified. If so, a related partially aggregated query result is determined using the key. The partially aggregated query result is merged with the related partially aggregated query result.
Abstract:
Security events associated with network devices and an actor category model are stored (501, 503). The actor category model includes levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model. Security events are correlated with the actor category model (505), and a determination of whether a security threat exists is performed based on the correlating (506).
Abstract:
A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.
Abstract:
Pattern discovery performed on event data may include selecting an initial set of parameters for the pattern discovery. The parameters may specify conditions for identifying a pattern in the event data. A pattern discovery run is executed on the event data based on the initial set of parameters, and a parameter may be adjusted based on the output of the pattern discovery run.