公开(公告)号：US10715379B2

公开(公告)日：2020-07-14

申请号：US16041851

申请日：2018-07-23

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Richard Whitehead

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/06 ,  H04L12/26 ,  G06F16/951

Abstract: A system is provided for decomposing events from managed infrastructures. A first engine is configured to receive message data from a managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, the at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in a physical hardware of the managed infrastructure directed to supporting the flow and processing of information. The first engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events. The second engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. An anomaly engine is configured to perform bitwise operations.

公开(公告)号：US10425291B2

公开(公告)日：2019-09-24

申请号：US15811667

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: An event clustering system is provided that in response to a time series infers a network topology. Matrices W and H are estimated as a local minimum. For each pair of nodes: (i) a computation of the convolution is made; a number of peaks within the convolution is a function of a delay; and a comparison is made to an average behavior of a pair of nodes that emits the same number of alerts. Alerts are only spread to adjacent nodes, alerts are caused by dysfunctional nodes that do not emit alerts, and a true topology coincides with the end of the recording.

公开(公告)号：US10402428B2

公开(公告)日：2019-09-03

申请号：US15376110

申请日：2016-12-12

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Peter Spreenberg

IPC: G06F16/22 ,  G06F16/28 ,  H04L12/24 ,  H04L12/26

Abstract: An event clustering system includes an extraction engine in communication with a managed infrastructure. A sigalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common characteristics or features from events that includes one or more event parameters. The sigalizer engine uses the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. Each of an event parameter is converted into a numerical representation.

公开(公告)号：US20190138372A1

公开(公告)日：2019-05-09

申请号：US16236385

申请日：2018-12-29

Applicant: Moogsoft, Inc.

Inventor： Philip TEE

IPC: G06F9/54 ,  H04L12/58 ,  G06F21/56 ,  G06F21/60 ,  G06F21/31 ,  G06N20/00 ,  G06K9/62

Abstract: A system is provided for managing an infrastructure. An extraction engine is in communication with a managed infrastructure that includes physical hardware. A signalizer engine includes one or more of an NMF engine (Non-negative matrix factorization), a k-means clustering engine (a method of vector quantization), and a topology proximity engine. The signalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the infrastructure. The signalizer engine uses graph coordinates and optionally a subset of attributes assigned to each event to generate one or more clusters to bring together events whose characteristics are similar. One or more interactive displays provide a collaborative interface coupled to the extraction and the signalizer engine with a collaborative interface (UI) for decomposing events from the infrastructure. The events are converted into words and subsets to group the events into clusters that relate to security of the managed infrastructure. In response to grouping the events physical changes are made to at least a portion of the physical hardware. In response to production of the clusters security of the managed infrastructure is maintained.

公开(公告)号：US20190129783A1

公开(公告)日：2019-05-02

申请号：US16232110

申请日：2018-12-26

Applicant: Moogsoft, Inc.

Inventor： Philip Tee ,  Robert Duncan Harper ,  Charles Mike Silvey

IPC: G06F11/07 ,  G06F16/904 ,  H04L12/24 ,  G06F16/28 ,  G06F3/0481 ,  H04L12/58 ,  G06F16/35

Abstract: A method is provided for communication with a managed infrastructure. Messages are received at an extraction engine from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information. Events are produced that relate to the managed infrastructure. The events are converted into words and subsets used to group the events that relate to failures or errors in the managed infrastructure, including the managed infrastructure physical hardware. One or more common characteristics of events are determined. Clusters of events are produced relating to the failure or errors in the managed infrastructure. A source address is used for each event and a graph topology of the managed infrastructure to assign a graph coordinate to the event. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters one or more physical changes is made in a managed infrastructure hardware and security of the managed infrastructure is maintained.

公开(公告)号：US20180336081A1

公开(公告)日：2018-11-22

申请号：US15811715

申请日：2017-11-14

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F11/07 ,  H04L12/24 ,  G06F17/30 ,  G06N3/08

CPC classification number: G06F11/0709 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/079 ,  G06F11/30 ,  G06F17/30598 ,  G06F2201/86 ,  G06N3/08 ,  G06Q10/06 ,  H04L41/0604 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/16 ,  H04L43/045 ,  H04L51/16 ,  H04L67/22 ,  H04L67/26

Abstract: An event clustering system that has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events. The signalizer engine uses the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. A feedback signalizer functor is provided that is a supervised machine learning approach to train to reproduce a situation. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.

公开(公告)号：US10044549B2

公开(公告)日：2018-08-07

申请号：US14606946

申请日：2015-01-27

Applicant: Moogsoft, Inc.

Inventor： Philip Tee

IPC: H04L12/24

Abstract: A distributed system includes a plurality of managed devices, and at least one agent in communication with the managed devices. A polling server is in communication with the at least one agent with the at least one agent communicating over a subscribed bus. A portal bridge is in communication with the bus and communicates through a client's firewall to a Network System. A server includes or is coupled to a database of anomies and time series data.

公开(公告)号：US20180157762A1

公开(公告)日：2018-06-07

申请号：US15833046

申请日：2017-12-06

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: G06F17/30 ,  H04L12/24 ,  G06Q10/10 ,  H04L12/58 ,  G06F17/10

CPC classification number: G06F16/9535 ,  G06F16/35 ,  G06F17/10 ,  G06Q10/107 ,  H04L41/0253 ,  H04L41/0604 ,  H04L41/0893 ,  H04L51/12 ,  H04L51/16

Abstract: An event clustering system includes an extraction engine and a signalizer engine. The extraction engine is in communication with a managed infrastructure. In operation the extraction engine receives messages from the managed infrastructure and produces events that relate to the managed infrastructure. The events are converted into words and subtexts that are used to group the events into clusters relating to failures or errors in the managed infrastructure physical hardware. The managed infrastructure supports the flow and processing of information. The signalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware of the managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters of events one or more physical changes in a managed infrastructure hardware is made.

公开(公告)号：US20170250873A1

公开(公告)日：2017-08-31

申请号：US15592689

申请日：2017-05-11

Applicant: MOOGSOFT, INC.

Inventor： Philip Tee

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/06

CPC classification number: H04L41/046 ,  G06F17/30864 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/22 ,  H04L43/067 ,  H04L43/0823 ,  H04L43/10 ,  H04L63/029 ,  H04L67/34 ,  H04L67/42

Abstract: A distributed system includes a plurality of managed devices of an infrastructure that includes a plurality of system parameters. At least one agent is in communication with the managed devices. The at least one agent is configured to determine which of a managed device it runs on. A server is in communication with the at least one agent, with the at least one agent communicating over a subscribed bus. A portal bridge is in communication with the bus and communicates through a client's firewall to a Network System. A server is provided with a database of anomies and time series, wherein a repository of system parameters run on the server.

公开(公告)号：US20170250854A1

公开(公告)日：2017-08-31

申请号：US15596648

申请日：2017-05-16

Applicant: Moogsoft Inc.

Inventor： Philip Tee

IPC: H04L12/24 ,  H04L29/06 ,  G06F17/30 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L41/046 ,  G06F17/30864 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/142 ,  H04L41/145 ,  H04L41/22 ,  H04L43/067 ,  H04L43/0823 ,  H04L43/10 ,  H04L63/029 ,  H04L67/34 ,  H04L67/42

Abstract: A distributed system includes a plurality of managed devices of an infrastructure with a plurality of system parameters; at least one agent in communication with the managed devices. The at least one agent is configured to determine which of a managed device it runs on. A first server is in communication with the at least one agent, with the at least one agent communicating over a subscribed bus. A portal bridge is in communication with the bus and communicates through a client's firewall to a Network System. The system is configured to be in communication with a second server with a database of anomies and time series. A repository of system parameters run on the second server.