公开(公告)号：US20190097871A1

公开(公告)日：2019-03-28

申请号：US16204096

申请日：2018-11-29

Applicant: Moogsoft, Inc.

Inventor： Philip Tee

IPC: H04L12/24 ,  H04L29/06 ,  G06F21/60 ,  G06F21/62 ,  G06K9/62

Abstract: A system is in communication with a managed infrastructure. An extraction engine is in communication with a managed infrastructure. The extraction engine is configured to receive managed infrastructure data and produces events as well as populates an entropy database with a dictionary of event entropy that can be included in the entropy database. A signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine inputs a list of devices and a list of connections between components or nodes in the managed infrastructure. The signalizer engine determines one or more common characteristics and produces clusters of events relating to failure or errors in at least one of the devices and connections between components or nodes in the managed infrastructure. The events are converted into words and subsets to group the events into clusters that relate to security of the managed infrastructure. In response to grouping the events, physical changes are made to at least a portion of the physical hardware. In response to production of the clusters, security of the managed infrastructure is maintained.

公开(公告)号：US10243779B2

公开(公告)日：2019-03-26

申请号：US15432081

申请日：2017-02-14

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F11/00 ,  H04L12/24 ,  H04L29/06 ,  H04L12/58 ,  H04L29/08 ,  G06F11/07 ,  G06F17/30 ,  G06F11/30 ,  H04L12/26

Abstract: A system is provided for clustering events. At least one engine is configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware which supports the flow and processing of information. The at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The at least one engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A situation room includes a collaborative interface (UI) for decomposing events from managed infrastructures. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.

公开(公告)号：US10146851B2

公开(公告)日：2018-12-04

申请号：US14605872

申请日：2015-01-26

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F17/00 ,  G06F17/20 ,  G06F17/30 ,  H04L12/24 ,  H04L12/58 ,  G06Q10/00

Abstract: Methods are provided for clustering events. Data is received at an extraction engine from managed infrastructure. Events are converted into alerts and the alerts mapped to a matrix M. One or more common steps are determined from the events and clusters of events are produced relating to the alerts and or events.

公开(公告)号：US20170250932A1

公开(公告)日：2017-08-31

申请号：US15375958

申请日：2016-12-12

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Peter Spreenberg

IPC: H04L12/58 ,  H04L29/08 ,  H04L12/24

CPC classification number: H04L51/04 ,  H04L41/046 ,  H04L41/0893 ,  H04L41/145 ,  H04L43/045 ,  H04L43/08 ,  H04L51/12 ,  H04L67/04 ,  H04L67/12 ,  H04L67/16 ,  H04L67/22 ,  H04L67/26 ,  H04L69/40

Abstract: An event clustering system has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events, the signalizer engine using the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The system is configured to group two or more situations, where a situation is a collection of one or more events or alerts representative of a problem in the managed infrastructure.

公开(公告)号：US20170104650A1

公开(公告)日：2017-04-13

申请号：US15382884

申请日：2016-12-19

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/08

Abstract: A system is provided for clustering events. A first engine is configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to a failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations are created that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. In response to the production of the clusters one or more physical changes in the managed infrastructure hardware.

公开(公告)号：US20170103119A1

公开(公告)日：2017-04-13

申请号：US15385304

申请日：2016-12-20

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard

IPC: G06F17/30 ,  G06F3/0481

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F16/285 ,  G06F16/358 ,  G06F16/904 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: A user interface system has a first engine in communication with a managed infrastructure and configured to receive messages from the managed infrastructure. The managed infrastructure includes physical hardware. A second engine is provided that determines one or more common steps from events and produces clusters of events relating to a failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware of the managed infrastructure directed to supporting the flow and processing of information. In response to the production of the clusters one or more proposed physical hardware changes are suggested in a managed infrastructure hardware. A situation room is coupled to the first and second engines.

公开(公告)号：US20160218910A1

公开(公告)日：2016-07-28

申请号：US14606946

申请日：2015-01-27

Applicant: Moogsoft, Inc.

Inventor： Philip Tee

IPC: H04L12/24

CPC classification number: H04L41/046 ,  G06F17/30864 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/22 ,  H04L43/067 ,  H04L43/0823 ,  H04L43/10 ,  H04L63/029 ,  H04L67/34 ,  H04L67/42

Abstract: A distributed system includes a plurality of managed devices, and at least one agent in communication with the managed devices. A polling server is in communication with the at least one agent with the at least one agent communicating over a subscribed bus. A portal bridge is in communication with the bus and communicates through a client's firewall to a Network System. A server includes or is coupled to a database of anomies and time series data.

Abstract translation: 分布式系统包括多个被管理设备，以及与被管理设备通信的至少一个代理。 轮询服务器与所述至少一个代理通信，所述至少一个代理通过订阅的总线通信。 门户网桥与总线通信，并通过客户端的防火墙与网络系统进行通信。 服务器包括或耦合到异常数据库和时间序列数据。

公开(公告)号：US20140324794A1

公开(公告)日：2014-10-30

申请号：US14262890

申请日：2014-04-28

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F17/30

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F17/30598 ,  G06F17/30713 ,  G06F17/30994 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: Methods are provided for clustering events. Data is received at an extraction engine from managed infrastructure. Events are converted into alerts and the alerts mapped to a matrix M. One or more common steps are determined from the events and clusters of events are produced relating to the alerts and or events.

Abstract translation: 为聚类事件提供了方法。 数据在提取引擎从受管基础设施接收。 将事件转换为警报，并将警报映射到矩阵M.一个或多个常见步骤是从与警报和/或事件有关的事件和事件集群确定的。

公开(公告)号：US11362881B2

公开(公告)日：2022-06-14

申请号：US16237663

申请日：2018-12-31

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: H04L41/046 ,  G06F16/951 ,  H04L41/14 ,  H04L67/00 ,  H04L9/40 ,  H04L43/067 ,  H04L41/08 ,  H04L41/12 ,  H04L67/01 ,  H04L43/10 ,  H04L43/0823 ,  H04L41/22 ,  H04L41/142 ,  H04L41/0893 ,  H04L41/0631

Abstract: A distributed system includes a client system with a plurality of managed devices. At least one agent is in communication with the managed devices. The one agent updates and changes at least one management policy. Anomaly detection is pushed out to the one agent. A dedicated polling server is in communication with the one agent. The one agent communicates over a subscribed bus, and runs on the dedicated polling server. A portal bridge is in communication with the bus and communicates through a client system firewall to a Network System. The portal bridge listens on the bus through a firewall of the client system. The one agent discovers a local environment and retrieves monitored client system parameters. The one agent performs at least one of: communicates a time data series or detects an anomaly, in response to a detection of a hole the at least one agent checks a value for an anomaly and detected anomalies are communicated to the server, when an anomaly is not detected the agent sends a time series data point to the repository and when there are changes in the monitored system parameters the agent loads the change and restarts with the polling. In response to anomaly detection one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information, and in response to production of the clusters security of the managed infrastructure is maintained.

公开(公告)号：US10700920B2

公开(公告)日：2020-06-30

申请号：US15213862

申请日：2016-07-19

Applicant: Moogsoft, Inc.

Inventor： Philip Tee

IPC: G06F15/18 ,  H04L12/24 ,  H04L29/08 ,  H04L12/58 ,  G06Q10/06

Abstract: An event clustering system and associated methods include a feedback signalizer functor that responds to user interactions with already formed situations. The system and method then learns how to replicate the same situation when new alerts reoccur, or, creates similar situations. The feedback signalizer functor is a supervised machine learning approach to train a signalizer functor to reproduce a situation at varying degrees of precision.