Patent classifications
G06F16/173
Cloud-mastered settings
A settings management system in a remote server environment generates user interface displays with settings management user input mechanisms, and detects actuation of those user input mechanisms. Settings configuration metadata is generated, for a given setting, based upon the detected actuation. The settings metadata is output for access by a plurality of different, heterogeneous, computing environments, and the settings metadata is consistent across all of those environments.
Converting a language type of a query
A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.
Technologies for annotating process and user information for network flows
Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.
ROUND TRIP TIME (RTT) MEASUREMENT BASED UPON SEQUENCE NUMBER
Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.
MDL-based clustering for dependency mapping
Systems and methods are provided for automatically discovering applications/clusters in a network and mapping dependencies between the applications/clusters. A network monitoring system can capture network flow data using sensors executing on physical and/or virtual servers of the network and sensors executing on networking devices connected to the servers. The system can determine a graph including nodes, representing at least the servers, and edges, between pairs of the nodes of the graph indicating the network flow data includes one or more observed flows between pairs of the servers represented by the pairs of the nodes. The system can determine a dependency map, including representations of clusters of the servers and representations of dependencies between the clusters, based on the graph. The system can display a first representation of a first cluster of the dependency map and information indicating a confidence level of identifying the first cluster.
SYSTEM AND METHOD OF DETECTING WHETHER A SOURCE OF A PACKET FLOW TRANSMITS PACKETS WHICH BYPASS AN OPERATING SYSTEM STACK
A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data, and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating system stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.
APPLICATION MONITORING PRIORITIZATION
An approach for establishing a priority ranking for endpoints in a network. This can be useful when triaging endpoints after an endpoint becomes compromised. Ensuring that the most critical and vulnerable endpoints are triaged first can help maintain network stability and mitigate damage to endpoints in the network after an endpoint is compromised. The present technology involves determining a criticality ranking and a secondary value for a first endpoint in a datacenter. The criticality ranking and secondary value can be combined to form a priority ranking for the first endpoint, which can then be compared to a priority ranking for a second endpoint to determine whether the first endpoint or the second endpoint should be triaged first.
Round trip time (RTT) measurement based upon sequence number
Systems, methods, and computer-readable media are provided for determining a packet's round trip time (RTT) in a network. A system can receive information of a packet sent by a component of the network and further determine an expected acknowledgement (ACK) sequence number associated with the packet based upon received information of the packet. The system can receive information of a subsequent packet received by the component and determine an ACK sequence number and a receiving time of the subsequent packet. In response to determining that the ACK sequence number of the subsequent TCP packet matches the expected ACK sequence number, the system can determine a round trip time (RTT) of the packet based upon the received information of the packet and the received information of the subsequent packet.
Building a file system for multiple architectures
In an approach to building a file system for multiple architectures, responsive to receiving a manifest for a file system build, a base layer is retrieved for each platform to be built, where the base layer is an operating system base. Responsive to determining that any layer to be built has not been built, the next layer to be built is retrieved. Responsive to the next layer to be built being platform-independent, the next layer is retrieved from a cache, where the next layer supports each platform. Responsive to the next layer to be built being platform-dependent, the next layer is built, where a copy of the next layer is built for each platform. The above steps are iteratively repeated until each layer is built. A single image of a completed file system build is stored, where the single image supports each platform.
Query-based recommendation systems using machine learning-trained classifier
Systems and methods for query-based recommendation systems using machine learning-trained classifiers are provided. A service provider server receives, from a communication device through an application programming interface, a query in an interaction between the service provider server and the communication device. The service provider server generates a vector of first latent features from a set of first visible features associated with the query using a machine learning-trained classifier. The service provider server generates a likelihood scalar value indicating a likelihood that the query is answered by a candidate user in a set of users using a combination of the vector of first latent features and a vector of second latent features. The service provider server provides, to the communication device through the application programming interface, a recommendation message as a response to the query, where the recommendation message includes the likelihood scalar value and an indication of the candidate user.