Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: A customer risk trigger associated with a customer may be identified. A response to the customer risk trigger may be detected. First risk analysis data related to the customer risk trigger may be gathered, based on the response, from a first datastore. Second risk analysis data related to the customer risk trigger may be gathered, based on the response, from a second datastore. A customer risk profile to model risk attribute(s) of the customer may be gathered. The risk attributes may represent a risk correlation between the customer and a prohibited act. Customer risk visualization tool(s) configured to facilitate visual user interaction with the customer risk profile may be gathered. The customer risk visualization tools may be rendered in a display of the computing system. The customer risk visualization tools provide a customer-centric view of risk for various applications, including anti-money laundering applications.

Abstract: A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: Computer-implemented techniques for data extraction are described. The techniques include a method and system for retrieving an extraction job specification, wherein the extraction job specification comprises a source repository identifier that identifies a source repository comprising a plurality of data records; a data recipient identifier that identifies a data recipient; and a schedule that indicates a timing of when to retrieve the plurality of data records. The method and system further include retrieving the plurality of data records from the source repository based on the schedule, creating an extraction transaction from the plurality of data records, wherein the extraction transaction comprises a subset of the plurality of data records and metadata, and sending the extraction transaction to the data recipient.

Abstract: Methods, devices, systems and computer program products enable monitoring and responding to cyber security attacks. One such system relates to a consortium of monitoring companies and an infrastructure including one or more central monitoring stations or local handling stations for a monitoring company are provided. A central monitoring station of a monitoring company detects a cyberattack that has been launched against a client computer system, and requests a local station to respond to the cyberattack via onsite visits or requests additional resources from other monitoring companies through the consortium system. The central monitoring station also sends to the consortium system updates on a cyberattack that is detected or mitigated by a central monitoring station or local handling station of the monitoring company. The monitoring consortium enables stronger capabilities than any individual monitoring company can offer by the combination and coordination of the efforts and resources of the members.

Abstract: A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: A customer risk trigger associated with a customer may be identified. A response to the customer risk trigger may be detected. First risk analysis data related to the customer risk trigger may be gathered, based on the response, from a first datastore. Second risk analysis data related to the customer risk trigger may be gathered, based on the response, from a second datastore. A customer risk profile to model risk attribute(s) of the customer may be gathered. The risk attributes may represent a risk correlation between the customer and a prohibited act. Customer risk visualization tool(s) configured to facilitate visual user interaction with the customer risk profile may be gathered. The customer risk visualization tools may be rendered in a display of the computing system. The customer risk visualization tools provide a customer-centric view of risk for various applications, including anti-money laundering applications.

Abstract: A customer risk trigger associated with a customer may be identified. A response to the customer risk trigger may be detected. First risk analysis data related to the customer risk trigger may be gathered, based on the response, from a first datastore. Second risk analysis data related to the customer risk trigger may be gathered, based on the response, from a second datastore. A customer risk profile to model risk attribute(s) of the customer may be gathered. The risk attributes may represent a risk correlation between the customer and a prohibited act. Customer risk visualization tool(s) configured to facilitate visual user interaction with the customer risk profile may be gathered. The customer risk visualization tools may be rendered in a display of the computing system. The customer risk visualization tools provide a customer-centric view of risk for various applications, including anti-money laundering applications.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.