Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.

Abstract: A method, system and computer-usable medium for identifying probability distributions. The identifying probability distributions includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events, at least some extracted features corresponding to interrelated events; identifying items of interest based upon the interrelated events; and, generating a distribution value based upon the items of interest.

Abstract: A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automation. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.

Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.

Abstract: A system, method, and computer-readable medium are disclosed for monitoring actions of an entity. In various embodiments the monitoring includes: monitoring a plurality of electronically-observable actions of the entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of events enacted by the entity; associating the plurality of events enacted by the entity with a story; and, using the story to derive an inference regarding the entity.

Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.

Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.

Abstract: A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.

Abstract: A system for firewall data log processing, comprising a firewall logging system operating on a first processor and configured to cause the first processor to receive firewall log data and to process the firewall log data on a periodic basis to reduce the size of the firewall log data and a firewall reporting system operating on a second processor and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint court at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint core at an endpoint device, the method including: receiving an event subscription request from an endpoint agent over a message bus; and managing communication of events for processing by the endpoint agent based on the event subscription request so that events to which the endpoint agent has subscribed are selectively processed at the endpoint agent. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A method, system, and computer-usable medium for streaming or processing data streams. Raw text data is cleansed to a standard format. A fuzzy matching algorithm is performed on the text data. For data where domain expertise is required, alias matching is performed. End state categorizing or grouping is provided for the cleansed raw text data.

Abstract: A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.

Abstract: A method, system and computer-usable medium for generating a user behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique user behavior profile based upon the electronic information representing the user interactions and the information about the user; storing information relating to the unique user behavior profile within a user behavior profile repository; and, storing information referencing the unique user behavior profile in a user behavior blockchain.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; and, accessing an entity behavior catalog based upon the entity behavior catalog data; and performing a security operation via a security system, the security operation using the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A mechanism is provided for using triggered stimuli to enhance contextual information regarding detected risk events in a networked system. Embodiments monitor a system to identify risk-associated behavior, and upon detecting such behavior, can provide stimulus to a user associated with the risk-associated behavior to determine additional context behind the behavior, thereby initiating a two-way communication to acquire more information. If user response to the stimulus indicates a high risk associated with the behavior, then the system can trigger security measures to restrict the behavior. Some embodiments provide stimuli that are directly related to the nature of the risk-associated behavior, in order to better contextualize the behavior. In some embodiments, the stimuli are only applied if the risk-associated behavior presents a measure of risk above a predetermined threshold.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a plurality of security related activities, the plurality of security related activities being based upon observables from an electronic data source; analyzing the plurality of security related activities, the analyzing identifying a set of entity behaviors associated with the plurality of security related activities; and, performing a security operation via a security system, the security operation accessing entity behavior catalog data stored within an entity behavior catalog based upon the set of entity behaviors associated with the plurality of security related activities, the entity behavior catalog providing an inventory of entity behaviors for use when performing the security operation.