Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product aspects, and/or combinations and sub-combinations thereof, for generating a dashboard using a natural language command from a user device. An example embodiment operates by retrieving, from a knowledge database, dashboard information associated with an outcome in which the dashboard information includes a previous dashboard associated with the outcome. The embodiment then obtains, from a user context database, user information associated with the user device in which the user information includes a previous user preference of generating the previous dashboard. The embodiment then determines one or more available tools for generating a set of widgets associated with the dashboard. The embodiment then generates the set of widgets associated with the dashboard using the one or more available tools, a large language model (LLM), and a prompt. The embodiment then generates the dashboard using the set of widgets.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product aspects, and/or combinations and sub-combinations thereof, for executing a task using an optimal architecture. An example embodiment operates by determining a complexity level of the task is high based on identifying a requirement of a collaboration between a plurality of decentralized agents when executing the task. The embodiment then determines a distributable level of the task is low based on identifying a requirement of a central agent for task allocation when executing the task. The embodiment then, in response to determining the complexity level of the task being high and the distributable level of the task being low, selects a hybrid architecture as the optimal architecture associated with the task. The embodiment then assigns the task to an agent associated with the hybrid architecture. The embodiment then executes the task using the hybrid architecture.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product aspects, and/or combinations and sub-combinations thereof, for generating a response to a user question. An example embodiment operates by querying a large language model (LLM) using a prompt associated with the user question and one or more available tools in a tool service. The embodiment then retrieves an endpoint from the tool service in which the endpoint is a digital location associated with a tool selected by the LLM. The embodiment then requests a database associated with the user question based on the endpoint meeting an endpoint requirement. The embodiment then executes a query at the database, thereby obtains data including the response to the user question. The embodiment then identifies an output format associated with the response. The embodiment then generates the response to the user question based on formatting the data using the output format.

Abstract: Disclosed herein are system, apparatus, article of manufacture, method and/or computer program product aspects, and/or combinations and sub-combinations thereof, for generating a workflow plan for completing a process. An example embodiment operates by receiving a user request from a user device in which the user request includes a natural language description of the workflow plan. The embodiment then retrieves, from a knowledge database, workflow information associated with a step of the workflow plan. The embodiment then generates a plurality of steps associated with the workflow plan. The embodiment then retrieves plan information from a storage database in which the plan information includes a sample workflow plan generated from a sample user request and the workflow information in which the workflow information is further associated with a step of the sample workflow plan. The embodiment then generates the workflow plan using a large language model (LLM) and a prompt.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.

Abstract: Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Systems and methods are disclosed herein for monitoring health of each switch of a plurality of switches on a network by selectively mirroring packets transmitted by each switch of the plurality of switches. In some embodiments, control circuitry generates a plurality of mirroring parameters, each mirroring parameter comprising an instruction to mirror a respective type of packet. The control circuitry transmits the plurality of mirroring parameters to each switch of the plurality of switches on the network, and receives, from a switch, a packet that was mirrored by the switch according to a mirroring parameter of the plurality of mirroring parameters. The control circuitry determines the respective type of the packet, executes an analysis of contents of the packet based on the respective type of the packet, and determines a health of the switch based on results of the analysis.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: A function is provided in a network system for the dynamic mirroring of network traffic for a variety of purposes including the identification of characteristics of the traffic. Multiple criteria are established for when, what and where to mirror the traffic. The criteria include what frames of traffic to mirror, what portions of the selected frames to mirror, one or more portals through which to minor the selected frames, a destination for the mirroring and the establishment of a mirror in a device to carry out the mirroring. The criteria may also include when to stop the mirroring. The mirroring instructions can be changed based on the detection of a triggering event, such as authentication, device type or status, ownership of an attached function attached to the device, flow status, but not limited to that. The function may be established in one or more devices of the network.

Abstract: Systems and methods are presented herewith for selecting a preferred route for routing a packet from a first network node to a second network node. A set of possible routes is maintained, with each route having am associated weight value. A random subset of routes is then selected based on the weight values. Each route of the subset is then probed to determine its gain value. The preferred route is selected based on the gain values (e.g., by selecting the highest gain value). Then, all weight values are updated based on the respective gain values. The steps are periodically repeated. Then, whenever a packet needs to be routed, the route currently designated as preferred is used.