Abstract: Dynamically detecting abnormalities in otherwise legitimate emails containing Uniform Resource Locators (URLs) is provided. An example method includes determining one or more rules defining normal patterns in a number of sending Top-Level Domains of previously received emails received via a computer network to a user or group of users; generating a trusted trends criteria for a received email, associated with the user or the group of users, by evaluating the received email against the one or more rules; determining whether the trusted trends criteria exceeds a predetermined threshold; in response to exceeding the predetermined threshold, generating a second URL and applying it to the received email by replacing a first URL of the received email with the second URL; and redetermining the one or more rules defining normal patterns in the number of sending Top-Level Domains based on the previously received emails and the received email.

Abstract: A method for filtering unsolicited emails may comprise dynamically aggregating historical email data associated with a user or a group of users and dynamically determining one or more trusted trends criteria associated with the historical email data. The method may further comprise receiving a new email addressed to the user or the group of users, calculating a score associated with the new email based on the one or more trusted trends criteria, determining that the score is above a predetermined threshold score, and, based on the determination, selectively filtering the new email.

Abstract: Dashboards for displaying threat insight information are provided herein, as well as systems and methods for generating the same. According to some embodiments, methods for providing a threat dashboard may include locating metrics regarding a malicious attack against a targeted resource, where the metrics indicate instances where users were exposed to the malicious attack or instances where a cloud-based threat detection system prevented the user from being exposed to the malicious attack. The method may also include rendering a threat dashboard for a web browser application of a client device, where the threat dashboard includes the located metrics. In various embodiments, methods of dynamically detecting abnormalities in otherwise legitimate emails are provided. The methods may include determining and redetermining, using the one or more processors, one or more rules that define normal patterns in a number of sending Top-Level Domains of received emails.

Abstract: Disclosed here are methods, systems, paradigms and structures for predicting queries, creating tables to store data for the predicted queries, and selecting a particular table to obtain the data from in response to a query. The methods include determining various combinations of a finite set of columns users may query on, based on (i) a list of columns users are interested in obtaining data for, and (ii) cardinality information of a column or combinations of columns in the list of columns. The methods further includes creating various tables based on the determined combinations of the columns using a meta query language. A query is responded to by selecting a table that has least number of rows, among the tables that satisfy query parameters. The methods include selecting a table that has a longest sequence of columns matching with a portion of the query parameters.

Abstract: Disclosed are methods, systems, paradigms and structures for caching data associated with a sliding window in computer systems. A sliding window can include a time window that progresses with time, and the data can include time series data. As time progresses, the sliding window changes bringing in new data. The cache is updated with new data as and when the sliding window moves. The sliding window data is cached at various granularity levels. The method includes storing a first portion of the data at a first granularity level and a second portion at a second granularity level. The data is cached at various granularity levels in order to effectively use the cache considering at least cache updating criteria such as (i) number of times a storage unit is queried to retrieve the data for updating the cache, (ii) the day/date/time at which the storage unit is queried.

Abstract: Disclosed here are methods, systems, paradigms and structures for predicting queries, creating tables to store data for the predicted queries, and selecting a particular table to obtain the data from in response to a query. The methods include determining various combinations of a finite set of columns users may query on, based on (i) a list of columns users are interested in obtaining data for, and (ii) cardinality information of a column or combinations of columns in the list of columns. The methods further includes creating various tables based on the determined combinations of the columns using a meta query language. A query is responded to by selecting a table that has least number of rows, among the tables that satisfy query parameters. The methods include selecting a table that has a longest sequence of columns matching with a portion of the query parameters.

Abstract: Disclosed are methods, systems, paradigms and structures for caching data associated with a sliding window in computer systems. A sliding window can include a time window that progresses with time, and the data can include time series data. As time progresses, the sliding window changes bringing in new data. The cache is updated with new data as and when the sliding window moves. The sliding window data is cached at various granularity levels. The method includes storing a first portion of the data at a first granularity level and a second portion at a second granularity level. The data is cached at various granularity levels in order to effectively use the cache considering at least cache updating criteria such as (i) number of times a storage unit is queried to retrieve the data for updating the cache, (ii) the day/date/time at which the storage unit is queried.

Abstract: A method for filtering unsolicited emails may comprise dynamically aggregating historical email data associated with a user or a group of users and dynamically determining one or more trusted trends criteria associated with the historical email data. The method may further comprise receiving a new email addressed to the user or the group of users, calculating a score associated with the new email based on the one or more trusted trends criteria, determining that the score is above a predetermined threshold score, and, based on the determination, selectively filtering the new email.

Abstract: A system and a method are disclosed for automatically providing an API for a Web-based application. An API processing core receives a call, performs a variety of actions on the call prior to executing it, determines based on the actions whether the call is a valid API call to the currently existing application functionality, and if the call is a valid API call, executes it. The call syntax is constructed primarily out of elements applicable to any Web-based application using the system.