公开(公告)号：US20220327409A1

公开(公告)日：2022-10-13

申请号：US17848239

申请日：2022-06-23

Applicant: Elasticsearch B.V.

Inventor： Stephen Dodson ,  Thomas Veasey

IPC: G06N7/00 ,  G06N20/00 ,  G06F16/21 ,  G06F21/56 ,  H04L9/40

Abstract: Real time detection of cyber threats using behavioral analytics is disclosed. An example method includes obtaining, in real time, attributes for an entity within a population of entities, the attributes being indicative of entity behavior; building an entity probability model using the attributes and associated values collected over a period of time; and establishing a control portion of the entity probability model associated with a portion of the period of time. The example method includes comparing any of the entity attribute values and the entity probability model for other portions of the period of time to the control portion to identify one or more anomalous differences, and executing a remediation action based thereon. Some embodiments include determining a set comprising the anomalous differences and additional anomalous differences for the entity or the entity's peer group, and calculating the set's overall probability to determine if the entity is malicious.

公开(公告)号：US20220277093A1

公开(公告)日：2022-09-01

申请号：US17748964

申请日：2022-05-19

Applicant: Elasticsearch B.V.

Inventor： Courtney Ewing

IPC: G06F21/62 ,  G06F21/60 ,  G06F21/31 ,  H04L9/40 ,  G06F9/451

Abstract: Methods and systems for enabling organization and control of dashboards, visualizations, and other saved data objects into spaces. An exemplary method includes, based on at least one role of a user, controlling the user's access to a default space and to other spaces of a plurality of spaces, such that the only spaces that the user can access are the default space and the one or more other spaces. Each space can contain a number of saved objects such as dashboards, visualizations, or other objects. The method can provide a graphical user interface for enabling the user to select, as a current space, the default space or one of the other spaces; and in response to the selection, automatically saving new objects generated by the user into the current space; wherein each of the spaces is configured to provide access to certain data objects only or access to certain applications only.

公开(公告)号：US11423478B2

公开(公告)日：2022-08-23

申请号：US15406251

申请日：2017-01-13

Applicant: Elasticsearch B.V.

Inventor： Stephen Dodson

IPC: G06Q40/04

Abstract: A system and method for detecting fraudulent activity in the execution of transactions is disclosed. The system comprises a monitoring device for reviewing data relating to execution of transactions, a transaction profile and an alert module. The transaction profile includes a plurality of historic data items relating to typical transactions, which can be compared with current execution of transactions to generate an alert by the alert module if unusual activity is determined.

公开(公告)号：US20220100857A1

公开(公告)日：2022-03-31

申请号：US17035043

申请日：2020-09-28

Applicant: Elasticsearch B.V.

Inventor： Robert Filar ,  David French

IPC: G06F21/56 ,  G06F16/901 ,  G06N20/00

Abstract: Systems and methods of anomalous pattern discovery and mitigation are disclosed herein. An example method includes creating a graph of processes performed by a computer system using edges of the processes and metadata including properties or artifacts of the edges or processes, the edges identify a connection between a parent process and a child process, and detecting anomalous parent-child process chains of the processes by assigning edge weights to the edges of the processes using a supervised learning process that has been trained to identify malicious edges and benign edges to create a weighted graph, the edge weights including predicted class probabilities that are indicative of the processes being malicious, and performing community detection on the weighted graph using an unsupervised learning technique to identify the anomalous parent-child process chains.

公开(公告)号：US20220075646A1

公开(公告)日：2022-03-10

申请号：US17012879

申请日：2020-09-04

Applicant: Elasticsearch B.V.

Inventor： Gabriel D. Landau ,  Joseph W. Desimone

IPC: G06F9/48 ,  G06F9/54 ,  G06F9/50 ,  G06F11/30 ,  G06F21/56

Abstract: Systems and methods for monitoring a process a provided. An example method commences with providing a management platform. The management platform is configured to receive user rules for processing at least one function call within the process. A high-level script can be used based on the user rules to develop and install at least one library to execute synchronously within the process. The at least one library can be configured to monitor the process for at least one function call and capture argument values of the function call before the argument values are passed to a function. The at least one library can filter the function call based at least in part on the argument values. The method can continue with selectively creating an API event for execution by a dedicated worker thread. The execution of the API event is performed asynchronously with regard to the process.

公开(公告)号：US20220035555A1

公开(公告)日：2022-02-03

申请号：US17505382

申请日：2021-10-19

Applicant: Elasticsearch B.V.

Inventor： Boaz Leskes

IPC: G06F3/06 ,  G06F16/23 ,  G06F16/22

Abstract: Methods and systems for index lifecycle management are provided. Exemplary methods include: receiving an ILM policy; determining a first condition and a first action for a first phase using the ILM policy; performing the first action for the first phase when the first condition is met; transition from the first phase to a second phase; determining a second condition and a second action for the second phase using the ILM policy; performing the second action for the second phase when the second condition is met; transition from the second phase to a third phase; determining a third condition and a third action for the third phase using the ILM policy; performing the third action for the third phase when the third condition is met; transition from the third phase to a fourth phase; and deleting the index during the third phase.

公开(公告)号：US20210344750A1

公开(公告)日：2021-11-04

申请号：US17373547

申请日：2021-07-12

Applicant: Elasticsearch B.V.

Inventor： Yannick Welsch ,  David Christopher Turner

IPC: H04L29/08 ,  H04L29/14 ,  H04L12/24

Abstract: Node clustering configuration is disclosed herein. An example method includes determining nodes of a cluster, each of the nodes having a unique identifier and a cluster identifier for the cluster, determining a voting configuration for the cluster, the voting configuration defining a quorum of master-eligible nodes of the nodes, the voting configuration being adaptable so as to maintain an optimal level of fault tolerance for the cluster, adding and removing nodes that can change the voting configuration, configuring a cluster configuration through an API, and electing one of the master-eligible nodes as a master node.

公开(公告)号：US11122118B2

公开(公告)日：2021-09-14

申请号：US16670763

申请日：2019-10-31

Applicant: Elasticsearch B.V.

Inventor： Yannick Welsch ,  David Christopher Turner

IPC: H04L29/08 ,  H04L12/24 ,  H04L29/14

Abstract: Node clustering configuration is disclosed herein. An example method includes determining nodes of a cluster, each of the nodes having a unique identifier and a cluster identifier for the cluster, determining a voting configuration for the cluster, the voting configuration defining a quorum of master-eligible nodes of the nodes, the voting configuration being adaptable so as to maintain an optimal level of fault tolerance for the cluster, and electing one of the master-eligible nodes as a master node.

公开(公告)号：US20210263950A1

公开(公告)日：2021-08-26

申请号：US17243078

申请日：2021-04-28

Applicant: Elasticsearch B.V.

Inventor： Zachary Tong

IPC: G06F16/25 ,  G06F16/22 ,  G06F16/2455

Abstract: Systems and methods for reducing data storage overhead are disclosed herein. In some embodiments, a system includes a rollup service that converts a raw data set into a rolled up index that takes up less storage than the raw data but is created in such a way that the rolled up index can be queried so as to generate responses that will substantially correspond to responses that would be generated using the raw data.

公开(公告)号：US20210124620A1

公开(公告)日：2021-04-29

申请号：US17142118

申请日：2021-01-05

Applicant: Elasticsearch B.V.

Inventor： Simon Daniel Willnauer

IPC: G06F9/50 ,  G06F9/54 ,  H04L29/08

Abstract: Methods and systems for searching a frozen index are provided. Exemplary methods include: a method may comprise: receiving an initial search and a subsequent search; loading the initial search and the subsequent search into a throttled thread pool, the throttled thread pool including; getting the initial search from the throttled thread pool; storing a first shard from a mass storage in a memory in response to the initial search; performing the initial search on the first shard; providing first top search result scores from the initial search; and removing the first shard from the memory when the initial search is completed.