公开(公告)号：US20180359135A1

公开(公告)日：2018-12-13

申请号：US16041792

申请日：2018-07-22

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/06 ,  H04L12/26 ,  G06F17/30

CPC classification number: H04L41/046 ,  G06F16/951 ,  H04L12/1895 ,  H04L41/064 ,  H04L41/065 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/22 ,  H04L43/067 ,  H04L43/0823 ,  H04L43/10 ,  H04L63/0227 ,  H04L63/029 ,  H04L63/102 ,  H04L63/1408 ,  H04L63/1425 ,  H04L67/34 ,  H04L67/42

Abstract: A system is provided for clustering events. A first engine configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. The at least one engine is configured to determine common characteristics of events and produce clusters of events relating to failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The at least one engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events. The second engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. An anomaly engine is configured to perform bitwise operations. A change to a managed infrastructure physical hardware component is made.

公开(公告)号：US10050910B2

公开(公告)日：2018-08-14

申请号：US15375958

申请日：2016-12-12

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: G06F15/16 ,  H04L12/58 ,  H04L12/24 ,  H04L29/08

Abstract: An event clustering system has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events, the signalizer engine using the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The system is configured to group two or more situations, where a situation is a collection of one or more events or alerts representative of a problem in the managed infrastructure.

公开(公告)号：US20180181665A1

公开(公告)日：2018-06-28

申请号：US15854001

申请日：2017-12-26

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F17/30 ,  H04L12/58 ,  H04L12/24 ,  G06F17/10 ,  G06Q10/10

CPC classification number: G06F16/9535 ,  G06F16/35 ,  G06F17/10 ,  G06Q10/107 ,  H04L41/0253 ,  H04L41/0604 ,  H04L41/0893 ,  H04L51/12 ,  H04L51/16

Abstract: A system is provided for clustering events. A first engine is configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations is created that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. In response to the production of the clusters one or more physical changes is made to at least a portion of the managed infrastructure hardware.

公开(公告)号：US20180159744A1

公开(公告)日：2018-06-07

申请号：US15811667

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/26

Abstract: An event clustering system is provided that in response to a time series infers a network topology. Matrices W and H are estimated as a local minimum. For each pair of nodes: (i) a computation of the convolution is made; a number of peaks within the convolution is a function of a delay; and a comparison is made to an average behavior of a pair of nodes that emits the same number of alerts. Alerts are only spread to adjacent nodes, alerts are caused by dysfunctional nodes that do not emit alerts, and a true topology coincides with the end of the recording.

公开(公告)号：US20170155538A1

公开(公告)日：2017-06-01

申请号：US15429371

申请日：2017-02-10

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: H04L12/24 ,  H04L29/06

Abstract: A user interface system includes a first engine configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations is created that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A display computer system generates a dashboard display that includes situations from clustered messages received from managed infrastructure, the display computer system coupled to or included in a situation room coupled to the first and second engines.

公开(公告)号：US20170153904A1

公开(公告)日：2017-06-01

申请号：US15430929

申请日：2017-02-13

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: G06F9/44 ,  G06F17/24 ,  G06F3/0484

CPC classification number: G06F9/451

Abstract: A user interface system includes a first engine configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations is created that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A situation room includes a user interface (UI) for decomposing events from managed infrastructures. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.

公开(公告)号：US20170141947A1

公开(公告)日：2017-05-18

申请号：US15417497

申请日：2017-01-27

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: H04L12/24 ,  G06F17/30

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F16/285 ,  G06F16/358 ,  G06F16/904 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: A user interface system is provided. A first engine receives message data from managed infrastructure that includes managed infrastructure physical hardware which supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations are created that are a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. An external connection adapter is coupled to the first and second engines and configured to provide access to one or more data fields within a file. A display computer system maps using a graphical user interface the one or more data fields relating to situations from clustered messages received from managed infrastructure to data from one or more data sources. The display computer system generates a dashboard display from a configuration in the file that includes situations from clustered messages received from managed infrastructure.

公开(公告)号：US09607075B2

公开(公告)日：2017-03-28

申请号：US14262884

申请日：2014-04-28

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: G06F17/30 ,  H04L12/24 ,  H04L12/58 ,  G06Q10/00

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F17/30598 ,  G06F17/30713 ,  G06F17/30994 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: A computer-implemented method is provided that is stored on computer readable non-transitory media. One or more data fields are accessed within a file. Accessed data field, are mapped mapping on a display computer system. The accessed one or more data fields are from one or more data sources that relate to situations from clustering messages received from managed infrastructure. The mapping being performed based on a input of the situation summaries using a graphical user interface. Displayed on the display computer system are one or more dashboards of situations relative to summaries from clustering messages received from managed infrastructure. The one or more dashboards include at least one of actions that a user can take relative to clustered messages.

公开(公告)号：US20140325364A1

公开(公告)日：2014-10-30

申请号：US14262861

申请日：2014-04-28

Applicant: MOOGSOFT, INC.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: H04L12/58 ,  H04L12/24

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F17/30598 ,  G06F17/30713 ,  G06F17/30994 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: A computer-implemented method is provided that is stored on computer readable non-transitory media. One or more data fields are accessed within a file. Accessed data field, are mapped mapping on a display computer system. The accessed one or more data fields are from one or more data sources that relate to alerts from clustering messages received from managed infrastructure. The mapping being performed based on a input of the alert summaries using a graphical user interface. Displayed on the display computer system are one or more dashboards of alerts relative to summaries from clustering messages received from managed infrastructure. The one or more dashboards include at least one of actions that a user can take relative to clustered messages.

Abstract translation: 提供了一种存储在计算机可读非暂时介质上的计算机实现的方法。 在一个文件中访问一个或多个数据字段。 访问的数据字段是在显示计算机系统上的映射映射。 所访问的一个或多个数据字段来自与来自从被管理基础设施接收的聚类消息的警报相关的一个或多个数据源。 基于使用图形用户界面的警报摘要的输入来执行映射。 在显示计算机系统上显示的是相对于从被管理基础设施接收的聚类消息的摘要的警报的一个或多个仪表板。 一个或多个仪表板包括用户可以相对于聚集消息采取的动作中的至少一个。

公开(公告)号：US11159364B2

公开(公告)日：2021-10-26

申请号：US16204096

申请日：2018-11-29

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/06 ,  G06F21/60 ,  G06F21/62 ,  G06K9/62

Abstract: A system is in communication with a managed infrastructure. An extraction engine is in communication with a managed infrastructure. The extraction engine is configured to receive managed infrastructure data and produces events as well as populates an entropy database with a dictionary of event entropy that can be included in the entropy database. A signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine inputs a list of devices and a list of connections between components or nodes in the managed infrastructure. The signalizer engine determines one or more common characteristics and produces clusters of events relating to failure or errors in at least one of the devices and connections between components or nodes in the managed infrastructure. The events are converted into words and subsets to group the events into clusters that relate to security of the managed infrastructure. In response to grouping the events, physical changes are made to at least a portion of the physical hardware. In response to production of the clusters, security of the managed infrastructure is maintained.