Patents Assigned to Stellar Cyber, Inc.
-
Patent number: 12242603
Abstract: The disclosure provides a system, a method and a computer program product for dynamic scoring of a plurality of incidents. The system is configured to retrieve an incident of the plurality of incidents. The incident comprises at least one alert and is associated with a security breach. The system further generates an enriched alert based on enrichment of the at least one alert. The enrichment is based on security related data of the security breach. The system further identifies one or more entities and one or more observables associated with the generated enriched alert. The system determines a score for the retrieved incident based on at least the generated enriched alert and the generated behavioural entity model. The system is further configured to dynamically update the determined score for the retrieved incident based on an analysis of at least the retrieved incident and the generated behavioural entity model.
Type: Grant
Filed: January 16, 2023
Date of Patent: March 4, 2025
Assignee: Stellar Cyber, Inc
Inventors: Qi Wang, Zhichun Li, Jiaping Gui, Shuchu Han
-
Publication number: 20240244071
Abstract: The disclosure provides a system, a method and a computer program product for generating an automated incident. The system is configured to retrieve an alert of a plurality of alerts received from a plurality of heterogeneous sources. The alert is associated with a security breach. The system further generates a normalized alert based on normalization of the retrieved alert. The normalization is associated with a semantic similarity parameter. Further, the system generates an enriched alert based on enrichment of the generated normalized alert. The enrichment is based on security related data of the security breach associated with the generated normalized alert. The system further identifies a set of correlation features associated with the generated enriched alert. Furthermore, the system generates the automated incident associated with the alert based on at least the generated enriched alert and the identified set of correlation features associated with the enriched alert.
Type: Application
Filed: January 16, 2023
Publication date: July 18, 2024
Applicant: Stellar Cyber, Inc.
Inventors: Qi Wang, Zhichun Li, Jiaping Gui, Shuchu Han
-
Publication number: 20240241949
Abstract: The disclosure provides a system, a method and a computer program product for dynamic scoring of a plurality of incidents. The system is configured to retrieve an incident of the plurality of incidents. The incident comprises at least one alert and is associated with a security breach. The system further generates an enriched alert based on enrichment of the at least one alert. The enrichment is based on security related data of the security breach. The system further identifies one or more entities and one or more observables associated with the generated enriched alert. The system determines a score for the retrieved incident based on at least the generated enriched alert and the generated behavioural entity model. The system is further configured to dynamically update the determined score for the retrieved incident based on an analysis of at least the retrieved incident and the generated behavioural entity model.
Type: Application
Filed: January 16, 2023
Publication date: July 18, 2024
Applicant: Stellar Cyber, Inc.
Inventors: Qi Wang, Zhichun Li, Jiaping Gui, Shuchu Han
-
Patent number: 11153157
Abstract: A system for configuration management using OVSDB protocol. The system includes a configuration manager on a server computer and a plurality of devices on a plurality of computing devices. The configuration manager comprises an OVSDB server maintaining an OVSDB database. Each of the plurality of devices includes an OVSDB client. The OVSDB database on the configuration manager comprises a database schema containing configuration data for the plurality of devices. The OVSDB server on the configuration manager communicates with the OVSDB client on each of the plurality of devices via OVSDB protocol in managing configurations of the plurality of devices.
Type: Grant
Filed: March 11, 2019
Date of Patent: October 19, 2021
Assignee: Stellar Cyber, Inc.
Inventors: Yufeng Zhu, Xin Wang
-
Patent number: 11108797
Abstract: A non-transitory computer-readable medium having a program stored thereon that, when executed by one or more processors, directs a computing system to secure a communication network. The program comprises a traffic inspection engine, a domain generation algorithm (DGA) inspection engine, and a message bus communicationally coupling the traffic inspection engine and the DGA inspection engine. The traffic inspection engine is configured to identify if a traffic session containing a domain name system (DNS) request and/or response in a communication network includes a DGA generated domain and send information about the identified DGA generated domain to the DGA inspection engine via the message bus. The DGA inspection engine is configured to verify if the identified DGA generated domain is registered, and send information about the registered DGA domain to the traffic inspection engine via the message bus.
Type: Grant
Filed: March 11, 2019
Date of Patent: August 31, 2021
Assignee: Stellar Cyber, Inc.
Inventors: Zhang Xu, Changming Liu
-
Patent number: 10944717
Abstract: A computer-implemented method includes generating a hash key using a number of least significant bits (LSBs) for indexing an indirection table in a computing system including multiple processing cores. In generating the hash key, symmetry constraints for a request packet and a response packet through a same communication channel are computed. The symmetry constraints include at least a condition where the LSBs of a hash value corresponding to a source or destination IP address of the request packet are equal to the LSBs of a hash value corresponding to a destination or source IP address of the response packet, wherein the LSBs of the hash value of the request and response packets are of a number same as the number of LSBs used for indexing the indirection table. A string of bits are subjected to the symmetry constraints and adjusted to satisfy the symmetry constraints to generate the hash key.
Type: Grant
Filed: March 11, 2019
Date of Patent: March 9, 2021
Assignee: Stellar Cyber, inc.
Inventors: Feng Zhu, Aimei Wei