Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.

Abstract: Embodiments are directed to monitoring network traffic using network computers. A monitoring engine may monitor network traffic associated with a plurality of entities in a network to provide metrics. A device relation model may be provided based on the plurality of entities, the network traffic, and the metrics. Interest information for a user may be provided based on one or more properties associated with the user. An inference engine may associate each entity in the plurality of entities with an interest score based on the interest information, the device relation model, and the metrics. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. Some of the alerts may be provided to the user based on ranked interest scores associated with the entities.

Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.

Abstract: Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.

Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.

Abstract: Embodiments are directed to monitoring network traffic. A monitoring engine may monitor network traffic associated with a plurality of entities in networks to provide metrics. And provide a device relation model based on the plurality of entities, the network traffic, and the metrics. An inference engine may associate each entity in the plurality of entities with an importance score based on the device relation model and the metrics such that each importance score is associated with a significance of an entity to operations of the networks. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. And provide one or more alerts from the plurality of alerts to one or more users based on one or more ranked importance scores associated with one or more entities.

Abstract: Embodiments are directed to monitoring network traffic using network computers. A monitoring engine may monitor network traffic associated with a plurality of entities in a network to provide metrics. A device relation model may be provided based on the plurality of entities, the network traffic, and the metrics. Interest information for a user may be provided based on one or more properties associated with the user. An inference engine may associate each entity in the plurality of entities with an interest score based on the interest information, the device relation model, and the metrics. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. Some of the alerts may be provided to the user based on ranked interest scores associated with the entities.

Abstract: Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.

Abstract: Embodiments are directed to monitoring network traffic using network computers. A monitoring engine may monitor network traffic associated with a plurality of entities in a network to provide metrics. A device relation model may be provided based on the plurality of entities, the network traffic, and the metrics. Interest information for a user may be provided based on one or more properties associated with the user. An inference engine may associate each entity in the plurality of entities with an interest score based on the interest information, the device relation model, and the metrics. An alert engine may generate a plurality of alerts associated with the plurality of entities based on the metrics. Some of the alerts may be provided to the user based on ranked interest scores associated with the entities.