Abstract: A system processes an API specification provided by a vendor to determine and classify the functions defined therein by CRUD operation type based on analysis of the function names. Classification of the function includes associating a bitmask corresponding to the class with the function name. The system then subscribes to an event stream including logged API function call events during a time window overlapping with a “blind spot” period of attack detection. The system analyzes incoming events to identify an associated resource and an API function call. The system classifies the function based on the determined function classes and performs a bitwise operation between bit values maintained for the identified resource that are indicative of resource state and the bitmask of the function class. If the resulting bit values indicate that the resource was both created and deleted during the time window, the system flags the resource as potentially involved in an attack.

Abstract: A method for calibrating a map of an autonomous robot, a trajectory of the autonomous robot, or a combination thereof includes obtaining localization data from a localization sensor of the autonomous robot and determining whether a calibration condition of the autonomous robot is satisfied based on the localization data. The method includes, in response to the calibration condition being satisfied: determining a master position coordinate of the autonomous robot based on a plurality of radio frequency (RF) signals broadcasted by a plurality of RF tags, converting the master position coordinate to a local position coordinate of the autonomous robot, and selectively updating the map, the trajectory, or a combination thereof based on the local position coordinate of the autonomous robot.

Abstract: Embodiments disclosed herein relate generally to a customized or personalized GUL. More specifically, embodiments described herein disclose systems and process for deriving user preferences based upon previous actions of a set of users and using those user preferences to personalize one or more widgets within a GUL.

Abstract: A machine learning (ML) hardware includes a first data format conversion block configured to receive data generated by an application source in a first data format. The first data format conversion block is configured to convert the received data from the first data format into a second data format. The first data format is different from the second data format. The ML hardware includes a plurality of processing units configured to perform one or more ML operations on the data in the second data format to generate a processed data. The ML hardware includes a second data format conversion block configured to convert the processed data to a third data format. The ML hardware further includes a transmitting component configured to output the processed data in the third data format to a memory component for use by an application destination.

Abstract: Comprehensive matching allows for automated conversion from runtime policy rules to build time rules that can be applied to an IaC configuration file(s). API specifications of a CSP and resource models defined in an IaC configuration file(s) are parsed and tokenized. The tokenized API specifications are evaluated to identify, for each resource model, a most appropriate API specification for mapping fields. Based on the evaluation and token matching, tokens of the API specifications are mapped to the tokens of the IaC resource models to form a mapping model. In an implementation phase, a runtime policy rule converter replaces tokens of a runtime security policy rule query with IaC tokens based on the mapping index to convert the runtime security policy rule query into a buildtime security policy rule query that can be applied against the IaC configuration files.

Abstract: Embodiments disclosed herein relate generally to a customized or personalized GUI. More specifically, embodiments described herein disclose systems and process for deriving user preferences based upon previous actions of a set of users and using those user preferences to personalize one or more widgets within a GUI.

Abstract: A system retrieves from cloud storage a packet(s) sampled from network traffic detected for software deployed on a cloud instance within a cloud environment. Each packet is inspected with deep packet inspection (DPI) to determine characteristics of the packet from which the identity/type of the corresponding software are determined. The system correlates the data/metadata generated from DPI with data/metadata of other cloud resources of the cloud environment based on determining the cloud resources to which the cloud instance is related or which also support deployment/execution of the software. The correlated data/metadata are evaluated based on security policies which include criteria for characteristics of software running on the cloud infrastructure rather than criteria for cloud infrastructure configuration alone. The system thus determines whether a cloud resource complies with the security policies based at least partly on the types/characteristics of software with which it is correlated.

Abstract: A system processes an API specification provided by a vendor to determine and classify the functions defined therein by CRUD operation type based on analysis of the function names. Classification of the function includes associating a bitmask corresponding to the class with the function name. The system then subscribes to an event stream including logged API function call events during a time window overlapping with a “blind spot” period of attack detection. The system analyzes incoming events to identify an associated resource and an API function call. The system classifies the function based on the determined function classes and performs a bitwise operation between bit values maintained for the identified resource that are indicative of resource state and the bitmask of the function class. If the resulting bit values indicate that the resource was both created and deleted during the time window, the system flags the resource as potentially involved in an attack.

Abstract: A graph representation of cloud resources and their relationships is generated and maintained to provide insights into impact of incidents affecting cloud resources on others in the cloud environment. Cloud resource data for the cloud resources are obtained and relationships among the cloud resources are determined. Relationships among the cloud resources are determined based on analysis of configuration data associated with the cloud resources from which relationships among cloud resources of different types can be inferred, and external sources may also be utilized to facilitate identification of relationships. A graph representation of the cloud resources and their determined relationships is built where the cloud resource data are stored in vertices with directed edges between the vertices representing the identified relationships.

Abstract: A command queue is configured to receive a command from a software application. A configuration storage is configured to store a plurality of configurations. A matrix multiplication unit is configured to perform matrix multiplication operations. Memory is configured to store matrices. A control engine is configured to retrieve the command from the command queue; retrieve a configuration from the configuration storage based on the command; generate, based on the command and the configuration, instructions for the matrix multiplication unit to perform a set of matrix multiplication operations on first and second matrices stored in the memory; send the instructions to the matrix multiplication unit to configure the matrix multiplication unit to output results of the set of matrix multiplication operations; and store the results in a third matrix in the memory.

Abstract: A system retrieves from cloud storage a packet(s) sampled from network traffic detected for software deployed on a cloud instance within a cloud environment. Each packet is inspected with deep packet inspection (DPI) to determine characteristics of the packet from which the identity/type of the corresponding software are determined. The system correlates the data/metadata generated from DPI with data/metadata of other cloud resources of the cloud environment based on determining the cloud resources to which the cloud instance is related or which also support deployment/execution of the software. The correlated data/metadata are evaluated based on security policies which include criteria for characteristics of software running on the cloud infrastructure rather than criteria for cloud infrastructure configuration alone. The system thus determines whether a cloud resource complies with the security policies based at least partly on the types/characteristics of software with which it is correlated.

Abstract: A graph representation of cloud resources and their relationships is generated and maintained to provide insights into impact of incidents affecting cloud resources on others in the cloud environment. Cloud resource data for the cloud resources are obtained and relationships among the cloud resources are determined. Relationships among the cloud resources are determined based on analysis of configuration data associated with the cloud resources from which relationships among cloud resources of different types can be inferred, and external sources may also be utilized to facilitate identification of relationships. A graph representation of the cloud resources and their determined relationships is built where the cloud resource data are stored in vertices with directed edges between the vertices representing the identified relationships.

Abstract: A system for reconfiguring a factory having equipment at different workstations throughout the factory and a plurality of sensors disposed throughout the factory includes a factory configuration module configured to store a plurality of predetermined factory configurations and a plurality of mobile transporters configured to engage and transport the equipment to the different workstations throughout the factory based on the predetermined factory configurations and dynamic inputs, where the dynamic inputs include a status of the equipment, a status of the plurality of mobile transporters, sensor data output by the plurality of sensors, or a combination thereof.

Abstract: A survey system includes a controller storing a map comprising a plurality of nodes representing data capture points of the environment. The controller is configured to segment the plurality of nodes into a plurality of communities, where each community from among the plurality of communities includes a set of nodes from among the plurality of nodes. The controller is configured to generate, for each community from among the plurality of communities, one or more traversability scores. The controller is configured to assign, for each community from among the plurality of communities, at least one robot from among a plurality of robots to survey the community based on the one or more traversability scores. The controller is configured to deploy, for each community from among the plurality of communities, at least one of the plurality of robots based on the plurality of robots assigned to the community.

Abstract: A system retrieves from cloud storage a packet(s) sampled from network traffic detected for software deployed on a cloud instance within a cloud environment. Each packet is inspected with deep packet inspection (DPI) to determine characteristics of the packet from which the identity/type of the corresponding software are determined. The system correlates the data/metadata generated from DPI with data/metadata of other cloud resources of the cloud environment based on determining the cloud resources to which the cloud instance is related or which also support deployment/execution of the software. The correlated data/metadata are evaluated based on security policies which include criteria for characteristics of software running on the cloud infrastructure rather than criteria for cloud infrastructure configuration alone. The system thus determines whether a cloud resource complies with the security policies based at least partly on the types/characteristics of software with which it is correlated.

Abstract: When a transformation job of flow logs generated for a cloud environment is triggered, a security service determines a parameterized template for batch data processing operations offered by the cloud service provider (CSP) to use based on the type of transformation job. The security service communicates an indication of the template and the corresponding parameter values to a data processing service/pipeline offered by the CSP. The provisioned processing resources retrieve the flow logs from a designated location in cloud storage, complete the transformation, and store the transformed flow logs in a new storage location. If the CSP does not provide a data processing service/pipeline which can perform bulk data transformation, the security service uses a generic parameterized template specifying a transformation job to be run on a cluster. Upon completion, the security service retrieves and analyzes the transformed flow logs as part of threat detection performed for securing the cloud environment.

Abstract: An API response field classification service obtains API documentation published by a vendor and defined security policies and matches the response fields represented in the security policies to their descriptions in the API documentation. The service generates labelled training data that comprise the identified response field descriptions with labels indicating that their corresponding response field is security related. Additional labelled training data for security unrelated response fields comprises descriptions of response fields that are known not to be represented with any security policies. The service trains a text classifier on the labelled training data. The trained text classifier accepts inputs comprising descriptions of unknown response fields and outputs predicted classes indicating whether the corresponding response fields are predicted to be security related. Subsequent creation of security policies can be focused on these response fields predicted to be security related.

Abstract: A cloud resource management system detects resource misconfiguration for resources in a cloud including cloud policy misconfigurations and resource vulnerabilities. An attack chain analyzer identifies attack chains from misconfigured resources ordered according to stages in an attack framework that models sequential behavior for malicious attacks. The attack chains are detected according to a depth-first search traversal of adjacent resources that have pairwise exposure according to characteristics indicated in the cloud policy misconfigurations and resource vulnerabilities. The attack chain analyzer generates further diagnostics that inform remediation of resource misconfigurations for malicious attack prevention.

Abstract: A browser extension produces a single view comprising content of web pages of a target vendor requested by a customer and corresponding security information for the target vendor maintained for the customer. Fingerprints of the target vendor's web page URLs and web page elements corresponding to resources, respectively, are determined. As the web browser retrieves web pages and the customer selects web page elements that identify resources, the browser extension matches URLs and/or HTML/XML syntactic patterns of the retrieved web pages to the fingerprints to determine the security information to obtain from backend storage. The type/granularity of information that is retrieved can vary depending on the identified fingerprint match. The browser extension retrieves security information corresponding to fingerprints for which matches are identified, generates security overviews therefrom, and integrates the security overviews into the requested web pages to generate a consolidated, multi-perspective view.

Abstract: The embodiments described herein relate generally to securely establishing an account and authentication metrics associated with a communication platform. An account associated with a communication platform may allow a user associated with the account to send and receive communications via the communication platform.