Abstract: Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.

Abstract: A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.

Abstract: A request to create a blockchain is received. In response to receiving the request to create a blockchain, an authentication/encryption block is added to the blockchain. For example, the authentication/encryption block may be part of a genesis block of the blockchain. The authentication/encryption block comprises metadata that indicates at least one of: 1) an encryption level for blockchain data that will be part of the blockchain, 2) an encryption type for the blockchain data that will be part the blockchain, 3) an authentication level required to access the blockchain data that will be part of the blockchain, and a security level for the blockchain data that will be part of the blockchain. The metadata is used to define encryption and/or authentication requirements for accessing the blockchain data.

Abstract: Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.

Abstract: Network traffic is monitored over a period of time (e.g., network traffic of a corporate network). Based on the monitored network traffic: an abstract temporal graph of the network traffic is generated; graph-based node embeddings of the abstract temporal graph are learned; edge tabular embeddings for edges of the abstract temporal graph are learned; and hybrid embeddings are computed. The computed hybrid embeddings are based on the learned graph-based node embeddings for the abstract temporal graph and the learned edge tabular embedding for the edges of the abstract temporal graph. This process is then repeated over multiple time periods and temporal trajectories are computed using the computed hybrid embeddings for each time period. The temporal trajectories are then used for analysis of the network. For example, the temporal trajectories are used to identify anomalies for prevention of security breaches of the network.

Abstract: A computing device includes a processor and a machine-readable storage storing instructions. The instructions are executable by the processor to: receive an input string including sensitive data to be encrypted; identify a first portion and a second portion of the input string, the first portion comprising the sensitive data; select, from a plurality of hash functions, a hash function based on the second portion; and generate a hash value of the first portion using the selected hash function.

Abstract: An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.

Abstract: Devices with low or no security are often added to networks. These devices have the ability to utilize the network and, accordingly, may pose a security risk. Systems and methods herein enable a device to be added to a network and, if the resulting new traffic matches a template, the device is established on an automatically created virtual local area network (VLAN) used solely for the new device. A router is automatically configured to allow traffic that matches the type of device that was newly added, but if other traffic is detected, the device may be treated as a threat and managed accordingly.

Abstract: Strings of a text file representing a configuration of a target device are respectively tokenized into tokens for the configuration. The tokens for the configuration are shingled. A target device signature representing the configuration of the target device is generated by applying a min-wise independent permutations locality sensitive hashing (MinHash) technique to the tokens as have been shingled. Whether the configuration of the target device is anomalous is identified based on the target device signature.

Abstract: An area of a graphical user interface that potentially comprises an actionable graphical object is identified. An actional graphical object is an object that generates an event when clicked on. For example, an actional graphical object may be a button, a menu, a menu item, a check box, a text field, a text area, a tab, and/or the like. A cursor movement is generated in the area of the graphical user interface (e.g., using a grid). The cursor movement uses a scanning process to a detect a change in a cursor type (e.g., from an arrow cursor to a link cursor). In response to detecting the change in the cursor type, the actionable graphical object is identified in the area of the graphical interface. The actionable graphical object may then be integrated into a testing process to validate the graphical user interface.

Abstract: A sandbox database is created. The sandbox database is typically a temporary database. For example, the sandbox database may be a test database for evaluating a new version of software. Creating the sandbox database comprises creating a sandbox cache in the sandbox database and copying metadata from a main database to the sandbox database. The sandbox cache is used to store record(s) that are accessed during the use of the sandbox database. The metadata is used to reference the record(s). This allows for a simpler process for creating a temporary database to be used for testing software.

Abstract: In some examples, a first difference may be determined across respective first and second workflow elements in a first hierarchical level of respective first and second IT workflow data. A second difference may be determined across respective third and fourth workflow elements in a second hierarchical level of the respective first and second IT workflow data. A display representing the first and second differences may be generated.

Abstract: Software developers and security personnel routinely scan code to look for threats, such as security vulnerabilities. While such scans are useful, they are unable to determine the actual data provided to a client device executing a web application. By monitoring the web traffic to a client, the libraries utilized by the web application may be determined by name, version, and vendor. With the library identified, the libraries may be provided to one or more repositories of vulnerabilities to identify the particular vulnerabilities of the library. With the vulnerability identified, a resolution (e.g., version wherein the vulnerability was fixed) may be identified and/or other action to mitigate the vulnerability.

Abstract: A plaintext is received. For example, a plaintext may be a text record that is to be encrypted and then stored in a database. A determination is made to see if a size of the plaintext is above a threshold. The threshold is based on an efficiency of a Format Preserving Encryption (FPE) algorithm. In response to the size of the plaintext being above the threshold: the plaintext is divided into a plurality of blocks based on a block size; each of the blocks are individually encrypted using the FPE algorithm; and each of the blocks are stored as a single FPE cyphertext. This makes the FPE encryption process much more effacement than has previously been achieved. For example, the FPE process may be 30% more efficient depending on the size of the plain text.

Abstract: Automated testing of an application under test (AUT) often requires providing valid responses to an authentication challenge. Many AUTs require a username and password and, increasingly, a time-based one-time password (TOTP) that complicate automated testing. By storing a shared secret on a client device, a human can train an automated testing application to select the shared secret and provide the shared secret to a shared secret provider. The shared secret provider then provides a token code as the TOTP. The shared secret may be stored as a graphical element, such as a quick response (QR) code, and may further correspond to a particular username used to test the AUT.

Abstract: A sub-archive is initiated. The sub-archive saves changes that have occurred since a previous final archive. Changes to an operational database (i.e., the operational database that is being archived) are allowed during the first sub-archive. A final archive is initiated in series after the sub-archive has completed. The final archive does not allow changes to the operational database when the final archive is active. In one embodiment, the sub-archive may comprise a plurality of sub-archives that depend on an amount of outstanding changes that exist in the operational database.

Abstract: A first hash of a record is retrieved. The first hash is tokenized by storing the first hash in a tokenization table that has a corresponding hash token. A request is received to validate the record. The request to validate the record comprises a second hash of the record and a second hash token. In response to receiving the request to validate the record, the record is validated by looking up the first hash in the tokenization table using the second hash token and comparing the looked up first hash to the second hash. In response to the looked up first hash being the same as the second hash, the record is validated. In response to the looked up first hash not being the same as the second hash, the record is not validated.

Abstract: A first hash of a record is retrieved. The first hash is encrypted using an encryption key to produce an encrypted hash. The encrypted hash is stored in the record by replacing the first hash with the encrypted hash or by adding the encrypted hash to the record. A request is received to validate the record. In response to receiving the request to validate the record, the record is validated by: unencrypting the encrypted hash using the encryption key to produce a second hash; hashing the record to produce a third hash; and comparing the second hash to the third hash. In response to the second hash being the same as the third hash, the record is validated. In response to the second hash not being the same as the third hash, the record is not validated.

Abstract: One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: receive input data defining an information technology (IT) change request; in response to a receipt of the input data, perform a first risk classification of the IT change request using a decision tree model; generate a graphical user interface based on the first risk classification, the graphical user interface indicating risk impacts for each of a plurality of request features, and the graphical user interface including a graphic representation of the decision tree model; in response to a user modification to a first request feature of the plurality of request features in the graphical user interface, automatically perform a second request analysis using the decision tree model; and automatically update the graphical user interface based on the second request analysis.