Patents by Inventor Gueorgui Bonov Chkodrov
Gueorgui Bonov Chkodrov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230350900Abstract: Methods, systems, and computer storage media for providing observation stream data of security incidents using an observation stream engine in a security management system. An observation stream framework supports continuously generating and presenting observation stream data that facilitates developing a working hypothesis of an active security incident. The observation stream framework can also include observation stream query-types that can be selected for running queries against a plurality of security data sources. In operation, an observation stream query is accessed. The observation stream query is a user-generated observation stream query associated with an observation stream query-type. The observation stream query-type comprises parameters for querying a plurality of security data sources and dynamic tracking of a security incident. The observation stream query is executed and observation stream data is generated.Type: ApplicationFiled: April 29, 2022Publication date: November 2, 2023Inventors: Gueorgui Bonov CHKODROV, Ryan John LITTLEFIELD, Jeffrey Scott SHAW, Zane Alexander COPPEDGE, Ying QIAN, Dan Alexandru NICOLESCU, Anitta M MILLER, Khoi HONG, Justin Matthew POWELL
-
Publication number: 20230236875Abstract: The handling of protocol exceptions for deterministic code that communicates with external component(s). A protocol exception host updates an execution state object associated with the deterministic code as the execution of the deterministic code proceeds. The component also detects whether a protocol exception has occurred that was caused by the deterministic code communicating using the protocol with an external component. If the component detects that such a protocol exception has occurred, the component handles the protocol exception. The component also determines whether the handled protocol exception has been successfully handled. If the exception is not successfully handled, the component stops the execution of the deterministic code such that the execution state object includes execution state of the deterministic code up to the stop. Accordingly, the execution state of the deterministic code up to the stop may be later used to resume execution of the deterministic code.Type: ApplicationFiled: January 26, 2022Publication date: July 27, 2023Inventors: Gueorgui Bonov CHKODROV, Dan Alexandru NICOLESCU, Khoi HONG, Anitta Maria MILLER, Jose Wilson MORRIS, Juan Miguel PAREDES, Justin Matthew POWELL
-
Patent number: 11290473Abstract: Using a set of anomalies indicative of a malicious pattern of behavior collected from data to determine new alerts for anomalies included in subsequently collected data. A set of anomalies found in data collected from data sources is accessed. The set of anomalies is determined by a prior analysis to be indicative of a malicious pattern of behavior by entities associated with the set of anomalies. Data that is subsequently collected from the data sources is searched to determine if any of the data includes the set of anomalies. Alerts are generated for any of the subsequently collected data that includes the set of anomalies.Type: GrantFiled: August 8, 2019Date of Patent: March 29, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Hani Hana Neuvirth, Owen Joseph Davis, Scott Elliott Gorlick, Gueorgui Bonov Chkodrov, Yotam Livny, Dawn Antonette Burns, Zhipeng Zhao, Julian Federico Gonzalez
-
Patent number: 11283693Abstract: According to examples, an apparatus may include a processor and a computer readable medium on which is stored machine readable instructions that may cause the processor to receive a query, in which the query may define an event pertaining to the apparatus to be identified and summarization instructions. The processor may also implement the query on tracked events pertaining to the apparatus to identify event data pertaining to the apparatus that matches the event defined in the query and summarize the identified event data according to the summarization instructions to generate summarized event data responsive to the query. The processor may further output the summarized event data.Type: GrantFiled: August 12, 2019Date of Patent: March 22, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: William Kendall Hollis, Gueorgui Bonov Chkodrov, David Lloyd Fosth, Jose Wilson Morris, Russell E. Biles
-
Publication number: 20210051082Abstract: According to examples, an apparatus may include a processor and a computer readable medium on which is stored machine readable instructions that may cause the processor to receive a query, in which the query may define an event pertaining to the apparatus to be identified and summarization instructions. The processor may also implement the query on tracked events pertaining to the apparatus to identify event data pertaining to the apparatus that matches the event defined in the query and summarize the identified event data according to the summarization instructions to generate summarized event data responsive to the query. The processor may further output the summarized event data.Type: ApplicationFiled: August 12, 2019Publication date: February 18, 2021Inventors: William Kendall HOLLIS, Gueorgui Bonov CHKODROV, David Lloyd FOSTH, Jose Wilson MORRIS, Russell E. BILES
-
Publication number: 20210044606Abstract: Using a set of anomalies indicative of a malicious pattern of behavior collected from data to determine new alerts for anomalies included in subsequently collected data. A set of anomalies found in data collected from data sources is accessed. The set of anomalies is determined by a prior analysis to be indicative of a malicious pattern of behavior by entities associated with the set of anomalies. Data that is subsequently collected from the data sources is searched to determine if any of the data includes the set of anomalies. Alerts are generated for any of the subsequently collected data that includes the set of anomalies.Type: ApplicationFiled: August 8, 2019Publication date: February 11, 2021Inventors: Hani Hana Neuvirth, Owen Joseph Davis, Scott Elliott Gorlick, Gueorgui Bonov Chkodrov, Yotam Livny, Dawn Antonette Burns, Zhipeng Zhao, Julian Federico Gonzalez
-
Publication number: 20120323941Abstract: The subject disclosure is directed towards processing a query corresponding to event data in a foreign representation. In order to produce results for the query, an event structure is defined for each requested event type. Information is automatically generated for configuring adapters to identify attribute data associated with the each requested event type and return the attribute data according to the event structure. These adapters search historical event data or real-time event data for the event-related data.Type: ApplicationFiled: June 17, 2011Publication date: December 20, 2012Applicant: MICROSOFT CORPORATIONInventors: Gueorgui Bonov Chkodrov, Colin Joseph Meek, Tihomir Tsvetkov Tarnavski, Balan Sethu Raman, Beysim Sezgin
-
Patent number: 8315972Abstract: Challenges associated with maintaining information about multiple instances of an activity are addressed. Separate database tables are maintained for data corresponding to active instances of an organization's activities and for data corresponding to inactive instances of an organization's activities. Multiple database tables can be maintained for data corresponding to inactive instances of an activity. In another aspect, data from the active instances table and one or more inactive instances tables are processed to generate combined analysis data.Type: GrantFiled: September 26, 2003Date of Patent: November 20, 2012Assignee: Microsoft CorporationInventors: Gueorgui Bonov Chkodrov, Richard Zachary Jason, Eric Anthony Reel
-
Patent number: 8230386Abstract: The present invention extends to methods, systems, and computer program products for monitoring distributed applications. Declarative application models are used. Operational data for a deployed application can be compared to an application intent expressed in a corresponding declarative application to provide more effective monitoring of application behavior. Application components can subscribe to an event fabric to receive configurations that indicate what events the application is to emit (i.e., publish into the event fabric) for monitoring. Thus, applications essentially subscribe to produce information (as opposed to subscribing to receive information). Monitoring can be dynamically adjusted in response to environment changes.Type: GrantFiled: August 23, 2007Date of Patent: July 24, 2012Assignee: Microsoft CorporationInventors: Igor Sedukhin, Gueorgui Bonov Chkodrov, Amol Sudhakar Kulkarni, Mariusz Gerard Borsa, Haoran Andy Wu, Daniel Eshner, Gilles C. J. A. Zunino
-
Patent number: 7904757Abstract: To trace an activity through multiple components or applications that may be involved in the performance of the activity, an activity identifier can be generated and utilized by the various components or applications. Each can generate its own activity identifier to minimize changes to existing interfaces. When logging of events has been activated, each application or component can provide, to an event store, an indication of the activity identifier it is using for a given activity. If a preceding or subsequent component utilizes a different activity identifier for aspects of the same activity, a link between the two activity identifiers can be communicated to the event store. Subsequently, examination of the event store can filter out irrelevant entries based on the activity identifiers. A graph linking the various related activity identifiers can be created and only those events associated with activity identifiers not in the graph can be filtered out.Type: GrantFiled: June 5, 2008Date of Patent: March 8, 2011Assignee: Microsoft CorporationInventors: Ari Pekka Niikkonen, Darene Brice Lewis, Anthony Goodrich Jones, Gueorgui Bonov Chkodrov, Tin Qian, Shuangtong Feng, Jwalin Buch
-
Publication number: 20100223446Abstract: A method of tracking execution of activities in a computing environment in which events in an activity are recorded along with an activity identifier uniquely identifying the activity and tying the events to the activity. To track interactions between activities, a correlation identifier may be generated and transferred between the interacting activities as part of the interaction. For each of the activities participating in the interaction, information on an event relating to the interaction is recorded along with the correlation identifier. The correlation identifier thus allows uniquely identifying each interaction which may be used to synchronize streams of events within the activities at points of their interaction. Activities may interact across any boundary, including a network.Type: ApplicationFiled: February 27, 2009Publication date: September 2, 2010Applicant: Microsoft CorporationInventors: Sanjeev Katariya, Jwalin Buch, Gueorgui Bonov Chkodrov
-
Patent number: 7693916Abstract: Instance data is transmitted for Payload/Milestone events and for Enable-Continuation events. Payload/Milestone event data contains information describing an instance and/or providing a time of one or more portions of the processing of an instance. Included in the Enable-Continuation event data is an identifier associated with an instance by a first application and an identifier associated with the same instance by another application. The identifiers are placed in a continuation data table which is used to index the appropriate record of an instance data table. Out-of-order data for an instance is hidden from view until sequentially prior data for the instance is received.Type: GrantFiled: January 5, 2004Date of Patent: April 6, 2010Assignee: Microsoft CorporationInventors: Gueorgui Bonov Chkodrov, Richard Zachary Jason, Eric Anthony Reel
-
Publication number: 20090307533Abstract: To trace an activity through multiple components or applications that may be involved in the performance of the activity, an activity identifier can be generated and utilized by the various components or applications. Each can generate its own activity identifier to minimize changes to existing interfaces. When logging of events has been activated, each application or component can provide, to an event store, an indication of the activity identifier it is using for a given activity. If a preceding or subsequent component utilizes a different activity identifier for aspects of the same activity, a link between the two activity identifiers can be communicated to the event store. Subsequently, examination of the event store can filter out irrelevant entries based on the activity identifiers. A graph linking the various related activity identifiers can be created and only those events associated with activity identifiers not in the graph can be filtered out.Type: ApplicationFiled: June 5, 2008Publication date: December 10, 2009Applicant: Microsoft CorporationInventors: Ari Pekka Niikkonen, Darene Brice Lewis, Anthony Goodrich Jones, Gueorgui Bonov Chkodrov, Tin Qian, Shuangtong Feng, Jwalin Buch
-
Publication number: 20090055838Abstract: The present invention extends to methods, systems, and computer program products for monitoring distributed applications. Declarative application models are used. Operational data for a deployed application can be compared to an application intent expressed in a corresponding declarative application to provide more effective monitoring of application behavior. Application components can subscribe to an event fabric to receive configurations that indicate what events the application is to emit (i.e., publish into the event fabric) for monitoring. Thus, applications essentially subscribe to produce information (as opposed to subscribing to receive information). Monitoring can be dynamically adjusted in response to environment changes.Type: ApplicationFiled: August 23, 2007Publication date: February 26, 2009Applicant: MICROSOFT CORPORATIONInventors: Igor Sedukhin, Gueorgui Bonov Chkodrov, Amol Sudhakar Kulkarni, Mariusz Gerard Borsa, Haoran Andy Wu, Daniel Eshner, Gilles C.J.A. Zunino
-
Patent number: 7149736Abstract: Multiple aggregation groups, which can be multiple partitions in an aggregated data table, are formed. Each group includes multiple aggregation records; each aggregation record includes an aggregation of values contained by a different subset of multiple database records. While an aggregation group is accessed by a single program thread during an aggregation group update transaction, no other threads are allowed to access that group. The aggregation groups are combined into a single table of aggregation records. Each of the multiple database records may correspond to an instance of an organizational activity and include a field having a value indicating the corresponding instance to be in one of several process states. Each aggregation group may further include time-sorted aggregation records, each time-sorted aggregation record containing an aggregation value for instances in one of the several process states during a time period associated with the time-sorted aggregation record.Type: GrantFiled: September 26, 2003Date of Patent: December 12, 2006Assignee: Microsoft CorporationInventors: Gueorgui Bonov Chkodrov, Richard Zachary Jason, Eric Anthony Reel, Chun Yu