H04L41/069

COMMUNICATING NODE EVENTS IN NETWORK CONFIGURATION
20220417120 · 2022-12-29

An example method includes recording, by a node out of a plurality of nodes, occurrence of one or more baseline node events, generating statistical data corresponding to a recorded occurrence of the one or more baseline node events over a pre-determined period, comparing one or more subsequent node events with the statistical data, and communicating data corresponding to the one or more subsequent node events to the central control device, in response to determining that the one or more subsequent node events satisfy the event deviation threshold.

Generating actionable alert messages for resolving incidents in an information technology environment
11539578 · 2022-12-27

Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). A monitoring function may search the data ingested by the DIQS to determine instances of notable events in regards to the monitored system and may further determine a defined invokable action message (IAM) associated with a notable event instance. Processing ensues to send an IAM to a communications device used by support personnel. The IAM includes information about an action invocation message (AIM) suitable to cause the performance of an action that possibly remedies or improves an operational condition represented by the notable event. Support personnel engages a user interface representation corresponding to the AIM and the AIM is sent to a remedial node where performance of the action is invoked.

Systems and methods for alert prioritization using security events graph

The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis. The system includes graphing entities in the computer network as entities connected by one or more edges. Native scores for pending alerts are assigned to nodes or to edges between the nodes. A connection type is assigned to each edge and weights are assigned to edges representing relationship strength between the nodes. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the edges. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis.

System and method for midserver facilitation of long-haul transport of telemetry for cloud-based services

A system and method that uses midservers located between the business enterprise computer infrastructure and the cloud-based infrastructure to collect, aggregate, analyze, transform, and securely transmit data from a multitude of computing devices and peripherals at an external network to a cloud-based service.

Electronic apparatus and method of controlling the same
11537491 · 2022-12-27

The disclosure relates to an electronic apparatus and a method of controlling the same. The electronic apparatus includes: a communication interface; and a processor configured to receive log data of a plurality of devices connected to a network through the communication interface, acquire operation time information of each of the devices from the received log data, calculate similarity of the operation time between the plurality of devices based on the acquired operation time information, and determine a device group including two or more devices with relatively high calculated similarity among the plurality of devices.

Service validation using emulated virtual clients

During operation, an electronic device may emulate client functionality associated with a virtual client in a wireless network, where emulating the client functionality includes generating a first frame that is compatible with a wireless communication protocol and is associated with fictitious wireless communication with the virtual client. Then, the electronic device may provide, to a computer, a second frame that includes at least a portion of the first frame, where the second frame is compatible with a wired communication protocol. Next, the electronic device may receive, from the computer, a response message based at least in part on the first frame, where the response message includes information associated with a service provided by the computer. Moreover, the electronic device may assess the service based at least in part on the information and may selectively perform the remedial action based at least in part on the assessment.

INFORMATION DISTRIBUTION SYSTEM, MONITORING DEVICE, SHARING DEVICE AND INFORMATION DISTRIBUTION METHOD

An information distribution system includes a plurality of monitoring devices that monitor Information Technology (IT) systems associated with respective monitoring devices, and a sharing device that transmits and receives information to and from the monitoring devices, wherein each of the plurality of monitoring devices includes first processing circuitry configured to provide the sharing device with know-how information including at least detection information and handling procedure information, the detection information being information for detecting a failure based on a log message output from the corresponding IT system, the handling procedure information being information in which a log message related to each failure and a handling procedure for the failure are associated with each other, and acquire the know-how information managed by the sharing device, and the sharing device includes second processing circuitry configured to collect the know-how information provided by the plurality of monitoring devices, and merge the collected know-how information.

Detection, characterization, and prediction of recurring events with missing occurrences using pattern recognition
20220398179 · 2022-12-15

Systems and methods for detection, characterization, prediction, and next occurrence prediction of an approximately periodic chain of events with missing occurrences using pattern recognition include: obtaining data from monitoring a system, wherein the data includes a plurality of records each including at least a start time and a unique identifier; analyzing the plurality of records to detect a periodic chain of events, wherein the periodic chain of events includes clear or approximate periodicity that is detected based on a plurality of parameters including some missing occurrences therein; converting the periodic chain of events into a binary sequence with each bit representing a time bin and having a value based on a presence or absence of an event in the time bin; and analyzing the binary sequence to recognize a pattern therein to determine a next occurrence of an event in the periodic chain of events.

STITCHING DATA FOR ANALYZING REAL TIME SYSTEMS
20220398252 · 2022-12-15

Methods and systems for stitching real-time and historical data are disclosed herein. The data may be gathered from a line card and represent metrics of hardware or software elements of the line card. The historical data may be transferred and stored in an archive of a control card of a network element and the real-time data may be accessed by a proxy host of the control card substantially in real-time. A network administration device may access the historical data on the file collector and/or the real-time data from the proxy host of the control card and convert them to a time series database format and store the converted data in a time series database. A user may access a portion of the converted real-time and/or historical data using a graphical user interface, the accessed portion representing data gathered during a period of time selected by the user.