DETERMINING THE IMPACT OF MALICIOUS PROCESSES IN IT INFRASTRUCTURE

    Publication number: US20250023892A1

    Publication date: 2025-01-16

    Application number: US18222393

    Application date: 2023-07-14

    Abstract: A method and system for detecting malicious activities in an IT infrastructure, determining its impact to the IT infrastructure, and determining the associated remedial actions are disclosed. Data communication between a plurality of computer processes is tracked. At least one process of the plurality of computer processes is identified as an anomalous process with respect to at least some of the plurality of computer processes. A first computer process of the plurality of computer processes that is affected by the anomalous computer process is identified based on at least a portion of the tracking. An indication of the identified first computer process that is affected by the anomalous computer process is provided.

    Automatic discovery of cloud-based infrastructure and resources

    Publication number: US12143268B2

    Publication date: 2024-11-12

    Application number: US18095735

    Application date: 2023-01-11

    Inventor: Asaf Garty

    Abstract: An embodiment may involve receiving an account identifier, wherein the account identifier is associated with a service account; transmitting a first API query to a remote computing system based on the account identifier; receiving first information associated with a first resource based on the first API query, wherein the first resource corresponds to a cloud orchestrator associated with a first service provided by the remote computing system; transmitting a first set of queries to the remote computing system based on the first information; receiving second information about a cluster of resources, associated with the first resource, based on the first set of queries, wherein a set of services related to the first service are deployed in one or more resources of the cluster of resources; generating a relationship map between the first resource and the cluster of resources based on the second information; and outputting the relationship map.

    Efficient Cloud-Based Discovery of Computing Resources

    Publication number: US20240231919A1

    Publication date: 2024-07-11

    Application number: US18095332

    Application date: 2023-01-10

    CPC classification number: G06F9/5027

    Abstract: An example embodiment may involve requesting and receiving, from a distributed computing platform, resource indicators that specify a set of resources provided by the distributed computing platform, wherein the set of resources is associated with a user identifier; parsing the resource indicators to locate datacenter indicators in the set of resources, wherein the datacenter indicators identify in-use datacenters of the distributed computing platform; and performing pattern-based discovery, within the in-use datacenters, of computing resources of the distributed computing platform that are associated with the user identifier.

    Determining application security and correctness using machine learning based clustering and similarity

    Publication number: US11831729B2

    Publication date: 2023-11-28

    Application number: US17207166

    Application date: 2021-03-19

    CPC classification number: H04L67/34 G06F18/22 G06F18/23 G06N20/00

    Abstract: A computing system includes persistent storage configured to store representations of software applications installed on computing devices, and a software application configured to perform operations, including retrieving, from the persistent storage, a first plurality of representations of a first plurality of software applications installed on a particular computing device and a second plurality of representations of a second plurality of software applications installed on a reference computing device. The operations also include determining a device fingerprint of the particular computing device based on the first plurality of representations and a reference device fingerprint of the reference computing device based on the second plurality of representations, and comparing the device fingerprint to the reference device fingerprint. The operations further include, based on the comparing, determining a disparity between software applications installed on the particular computing device and the reference computing device, and storing, in the persistent storage, a representation of the disparity.

    Enhanced service mapping based on natural language processing

    Publication number: US11632303B2

    Publication date: 2023-04-18

    Application number: US17065381

    Application date: 2020-10-07

    Abstract: A computing system includes persistent storage configured to store representations of software applications that include textual data respectively indicative of attributes of the software applications, and a mapping application configured to perform operations. The operations include retrieving a representation corresponding to a software application and, based thereon, identifying character strings present within textual data associated therewith. The operations also include generating, for each character string, a corresponding weight based on a frequency of the character string within the particular textual data and a frequency of the character string within textual data associated with at least a subset of the software applications. The operations additionally include selecting, from the character strings and based on the corresponding weights, candidate tags for the particular software application. The operations further include generating a mapping between the software application and a computing resource based on the candidate tags, and storing a representation of the mapping.

    ACCURACY METRIC FOR REGULAR EXPRESSION

    Publication number: US20210382947A1

    Publication date: 2021-12-09

    Application number: US16896895

    Application date: 2020-06-09

    Abstract: A regular expression that is able to be used to identify an item as belonging to a specific group among a plurality of different groups is determined. The regular expression is tested against a sampling of items known to belong to the specific group to determine a true positive metric. The regular expression is tested against a sampling of items known to belong to other groups among the plurality of different groups outside the specific group to determine a false positive metric. An accuracy metric of the determined regular expression is calculated based at least in part on the true positive metric and the false positive metric. The accuracy metric is provided for use in evaluating the regular expression.

    DISCOVERY OF VIRTUALIZED COMPUTING RESOURCES

    Publication number: US20210194764A1

    Publication date: 2021-06-24

    Application number: US16721526

    Application date: 2019-12-19

    Abstract: An embodiment includes a computational instance of a remote network management platform that is associated with a managed network, wherein a database is disposed within the computational instance. One or more processors are configured to execute discovery of a supervisor device disposed in the managed network, which involves: (i) executing a first general discovery pattern, (ii) executing a supervisor device discovery pattern, and (iii) identifying a first set of configuration and operational parameters of the supervisor device, one or more physical devices managed by the supervisor device, and virtual devices hosted by each of the one or more physical devices. The one or more processors may also be configured to execute discovery of a particular virtual device of the virtual devices, which involves: (i) executing a second general discovery pattern, and (ii) identifying a second set of configuration and operational parameters of the particular virtual device.

    Discovery and storage of resource tags

    Publication number: US11032381B2

    Publication date: 2021-06-08

    Application number: US16445914

    Application date: 2019-06-19

    Abstract: A system may contain a computational instance including persistent storage that maintains a discovery pattern and credentials for a cloud-based service, where the cloud-based service provides a remote computing infrastructure. The system may also contain one or more processors configured to: remotely access, using the credentials, the cloud-based service; execute the discovery pattern to obtain copies of tags configured in the cloud-based service, where the tags each include key fields, value fields, and resource identifier fields, and where the resource identifier fields uniquely specify respective computational resources of the cloud-based service; associate the tags that were discovered to configuration item representations of the respective computational resources; and store, in the persistent storage, the tags and their associations to the configuration item representations.
