公开(公告)号：US20210306200A1

公开(公告)日：2021-09-30

申请号：US17329124

申请日：2021-05-24

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Duncan Harper

IPC: H04L12/24 ,  G06F16/951 ,  H04L12/26 ,  H04L29/06 ,  H04L29/08

Abstract: A system is provided that executes artificial intelligence for unstructured data. A memory coupled to a processor that executes instructions for: a first engine using artificial intelligence (AI) to create a structured event or scraped structured event records from unstructured and semi-structured log messages; an extraction engine in communication with a managed infrastructure and the first engine, the extraction engine configured to receive managed infrastructure data; and a signaliser engine that includes one or more of a NMF engine, a k-means clustering engine and a topology proximity engine, the signaliser engine inputting a list of devices and a list a connection between components or nodes in the managed infrastructure, the signaliser engine determining one or more common characteristics and produces one or more clusters of events.

公开(公告)号：US10979304B2

公开(公告)日：2021-04-13

申请号：US15810297

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Stuart Broad ,  Richard Whitehead

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/06 ,  H04L12/46 ,  H04L29/08 ,  G06F16/951

Abstract: A system is provided for clustering events. A first engine is configured to receive message data from a managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, The at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in a physical hardware of the managed infrastructure directed to supporting the flow and processing of information. The first engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events. The second engine determines one or more common characteristics of events and producing clusters of events relating to the failure or errors in the managed infrastructure. A statistical analytical engine is included.

公开(公告)号：US10884835B2

公开(公告)日：2021-01-05

申请号：US15441426

申请日：2017-02-24

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: G06F11/07 ,  H04L12/24 ,  G06F16/28 ,  G06F16/35 ,  G06F16/904 ,  H04L12/58 ,  G06F3/0481 ,  G06Q10/00

Abstract: A user interface system includes an extraction engine in communication with a managed infrastructure. The extraction engine in operation receives messages from the managed infrastructure and produces events that relate to the managed infrastructure and converts the events into words and subsets used to group the events into clusters that relate to failures or errors in the managed infrastructure includes managed infrastructure physical hardware. The managed infrastructure supports the flow and processing of information. A sigalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common steps from events and produces clusters relating to events. The sigalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. A situation room is coupled to or includes a dashboard display computer system, a data system and a user interface (UI) configured to display situations associated with the managed infrastructure.

公开(公告)号：US10803133B2

公开(公告)日：2020-10-13

申请号：US15833046

申请日：2017-12-06

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F16/9535 ,  H04L12/24 ,  G06Q10/10 ,  H04L12/58 ,  G06F17/10 ,  G06F16/35

Abstract: An event clustering system includes an extraction engine and a signalizer engine. The extraction engine is in communication with a managed infrastructure. In operation the extraction engine receives messages from the managed infrastructure and produces events that relate to the managed infrastructure. The events are converted into words and subtexts that are used to group the events into clusters relating to failures or errors in the managed infrastructure physical hardware. The managed infrastructure supports the flow and processing of information. The signalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware of the managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters of events one or more physical changes in a managed infrastructure hardware is made.

公开(公告)号：US10791148B2

公开(公告)日：2020-09-29

申请号：US16206283

申请日：2018-11-30

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F11/00 ,  H04L29/06 ,  G06F11/07 ,  G06F21/55 ,  G06F3/0484 ,  G06F3/0481 ,  H04L12/26 ,  H04L12/24

Abstract: A system is in communication with a managed infrastructure comprising. At least a first engine one engine receives message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. The at least first engine one engine determines common characteristics of events, and produces clusters of events relating to the failure of errors in the managed infrastructure. A second engine uses a source address for each of an event and a graph topology of the managed infrastructure that represents a node to node connectivity and a graph coordinate for each of an event, with an optional subset of attributes extracted for each of an event. The second engine provides a list of connections between components or nodes in the managed infrastructure. A display computer system has a collaborative interface (UI) accessible by at least two parties for situations relative to clustered messages relating to the managed infrastructure. The collaborative interface allows the at least two parties to take an action relative to a clustered message. In response to production of the clusters, one or more physical changes in a managed infrastructure hardware is made. In response to the production of the clusters, security of the managed infrastructure is maintained.

公开(公告)号：US10715379B2

公开(公告)日：2020-07-14

申请号：US16041851

申请日：2018-07-23

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Richard Whitehead

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/06 ,  H04L12/26 ,  G06F16/951

Abstract: A system is provided for decomposing events from managed infrastructures. A first engine is configured to receive message data from a managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, the at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in a physical hardware of the managed infrastructure directed to supporting the flow and processing of information. The first engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events. The second engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. An anomaly engine is configured to perform bitwise operations.

公开(公告)号：US10425291B2

公开(公告)日：2019-09-24

申请号：US15811667

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: An event clustering system is provided that in response to a time series infers a network topology. Matrices W and H are estimated as a local minimum. For each pair of nodes: (i) a computation of the convolution is made; a number of peaks within the convolution is a function of a delay; and a comparison is made to an average behavior of a pair of nodes that emits the same number of alerts. Alerts are only spread to adjacent nodes, alerts are caused by dysfunctional nodes that do not emit alerts, and a true topology coincides with the end of the recording.

公开(公告)号：US10402428B2

公开(公告)日：2019-09-03

申请号：US15376110

申请日：2016-12-12

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Peter Spreenberg

IPC: G06F16/22 ,  G06F16/28 ,  H04L12/24 ,  H04L12/26

Abstract: An event clustering system includes an extraction engine in communication with a managed infrastructure. A sigalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common characteristics or features from events that includes one or more event parameters. The sigalizer engine uses the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. Each of an event parameter is converted into a numerical representation.

公开(公告)号：US20190129783A1

公开(公告)日：2019-05-02

申请号：US16232110

申请日：2018-12-26

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F11/07 ,  G06F16/904 ,  H04L12/24 ,  G06F16/28 ,  G06F3/0481 ,  H04L12/58 ,  G06F16/35

Abstract: A method is provided for communication with a managed infrastructure. Messages are received at an extraction engine from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. Events are produced that relate to the managed infrastructure. The events are converted into words and subsets used to group the events that relate to failures or errors in the managed infrastructure, including the managed infrastructure physical hardware. One or more common characteristics of events are determined. Clusters of events are produced relating to the failure or errors in the managed infrastructure. A source address is used for each event and a graph topology of the managed infrastructure to assign a graph coordinate to the event. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters one or more physical changes is made in a managed infrastructure hardware and security of the managed infrastructure is maintained.

公开(公告)号：US20180336081A1

公开(公告)日：2018-11-22

申请号：US15811715

申请日：2017-11-14

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F11/07 ,  H04L12/24 ,  G06F17/30 ,  G06N3/08

CPC classification number: G06F11/0709 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/079 ,  G06F11/30 ,  G06F17/30598 ,  G06F2201/86 ,  G06N3/08 ,  G06Q10/06 ,  H04L41/0604 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/16 ,  H04L43/045 ,  H04L51/16 ,  H04L67/22 ,  H04L67/26

Abstract: An event clustering system that has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events. The signalizer engine uses the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. A feedback signalizer functor is provided that is a supervised machine learning approach to train to reproduce a situation. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.