Abstract: Methods and systems for the detection, identification, analysis of cybersecurity events in order to support prevention of the persistence of threats, malware or other harmful events are provided. The methods and systems of the present invention enable a user to find similar anomalous network traffic within a single network or across multiple networks. The methods and systems identify and correlate activity in order to analyze potential threats within a network by providing broader contextual information about how those threats relate to other activity within the network or across a sector or country.

Abstract: Methods and systems for the detection, identification, analysis of cybersecurity events in order to support prevention of the persistence of threats, malware or other harmful events are provided. The methods and systems of the present invention enable a user to find similar anomalous network traffic within a single network or across multiple networks. The methods and systems identify and correlate activity in order to analyze potential threats within a network by providing broader contextual information about how those threats relate to other activity within the network or across a sector or country.

Abstract: Methods and systems for the detection, identification, analysis of cybersecurity events in order to support prevention of the persistence of threats, malware or other harmful events are provided. The methods and systems of the present invention enable a user to find similar anomalous network traffic within a single network or across multiple networks. The methods and systems identify and correlate activity in order to analyze potential threats within a network by providing broader contextual information about how those threats relate to other activity within the network or across a sector or country.

Abstract: Techniques for establishing implicit trust of authorship certification are provided. A message's domain is validated in response to a valid domain certificate. A message's author is validated in response to an author identification, which is acquired from the message and which is supplied to a domain service of the author. The domain service is implicitly trusted based on the domain being validated via the domain certificate. The domain service uses the author's identification to traverse to a specific location within the domain that houses an author certificate for the author. The author certificate is compared against a message certificate that accompanies the message in order to establish trust with the author and the author's message.

Abstract: Techniques for registration of peer-to-peer (P2P) services are provided. A first principal registers a P2P service with a network service provider. The first principal supplies a criterion for granting access to the P2P service. The network service provider distributes an access token to a second principal if the criterion is met. The second principal connects to the P2P service of the first principal via a P2P connection if the second principal successfully acquires the access token from the network service provider.

Abstract: Techniques for attesting to content received from an author (sender) are provided. A sender's content is represented by a message digest. The message digest is signed by an identity service. The signed message digest represents an attestation as to the authenticity of the content from the sender. The sender transmits the signed message digest and content in a message to a recipient. The recipient verifies the signature and message digest to authenticate the content from the sender.

Abstract: Techniques for providing role-based security with instance-level granularity are provided. A security service detects a request made by a principal for access to a resource. Access to the resource is conditioned on a status of a role. The role is associated with the request, the principal, and the resource. The security service evaluates a constraint associated with the role to determine the status. The status is subsequently consumed to determine whether access to the resource for the purposes of satisfying the request is permissible.

Abstract: Techniques are provided for serializing events of a data stream. Meta information defines information unit separators and context for events within the data stream. The data stream is parsed according to the instructions of the meta information and event data associated with the events of the data stream are retained. The event data is packaged into selective groupings of event data and transmitted to one or more services in data formats used by the services. The services perform one or more actions based on the received selective groupings of event data.