H04L41/065

WIRELESS SIGNAL STRENGTH-BASED DETECTION OF POOR NETWORK LINK PERFORMANCE
20230112613 · 2023-04-13

A cloud-based network management system (NMS) stores path data from network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices. The NMS determines, for a logical path within a specified time window, a wireless signal quality and a link quality based at least in part on the path data. The NMS, in response to determining that the logical path is of a poor link quality, determines a correlation between a poor wireless quality and the poor link quality. The NMS may output a notification that indicates the correlation between the poor wireless quality and the poor link quality of the logical path.

Identifying and classifying community attacks
11470110 · 2022-10-11

A method by one or more electronic devices for identifying and classifying community attacks. The method includes determining, for each of a plurality of enterprise networks, one or more incidents occurring in that enterprise network based on analyzing security alerts generated by a web application layer attack detector used to protect a web application hosted in that enterprise network, where each incident represents a group of security alerts that have been determined as being associated with the same security event, grouping incidents occurring across the plurality of enterprise networks into groups of incidents, where incidents that are determined as having similar features are grouped into the same group of incidents, and classifying each of one or more of the groups of incidents as being an industry-based attack or a spray-and-pray attack based on industry classifications of incidents within that group of incidents.

Detecting and quantifying latency components in accessing cloud services

A latency processing system detects traffic at a cloud service end point and analyzes packets in the detected traffic to identify a network configuration of a client that is accessing the cloud service. Latency components corresponding to different parts of the network configuration are identified and quantified. A recommendation engine is controlled to generate and surface an output indicative of recommendations for reducing network latency.

System, Method, and Computer Program Product for Network Anomaly Detection

Provided are a system, method, and computer program product for network anomaly detection. The method includes receiving event data associated with a plurality of events in a computer network. The method also includes determining nested groups of the event data representing tiers of an operational hierarchy. The method further includes generating display data to show a graphical representation of the event including a plurality of nested graphical nodes and at least one spline. Each graphical node is associated with a group or a computer node, each graphical node encompasses and/or is encompassed by another graphical node, a size of each graphical node is proportional to an aggregated parameter value of events associated therewith, each spline connects at least two graphical nodes and includes a curve that passes through a common graphical node, and each spline is associated with a communication between at least two computer nodes.

EFFICIENT TROUBLE SHOOTING ON CONTAINER NETWORK BY CORRELATING KUBERNETES RESOURCES AND UNDERLYING RESOURCES
20220321495 · 2022-10-06

Some embodiments provide a method of tracking errors in a container cluster network overlaying a software defined network (SDN), sometimes referred to as a virtual network. The method sends a request to instantiate a container cluster network object to an SDN manager of the SDN. The method then receives an identifier of a network resource of the SDN for instantiating the container cluster network object. The method associates the identified network resource with the container cluster network object. The method then receives an error message regarding the network resource from the SDN manager. The method identifies the error message as applying to the container cluster network object. The error message, in some embodiments, indicates a failure to initialize the network resource. The container cluster network object may be a namespace, a pod of containers, or a service.

Failure notification system, failure notification method, failure notification device, and failure notification program

A failure notification system includes a logical configuration provider which provides logical configurations in which a plurality of types of hardware are virtualized, a processor using logical configurations provided from the logical configuration provider, and a failure notifier which notifies the processor (3) of a failure in the logical configuration provider. A notifier includes a storage device (10) which stores hardware configuration data in which an ID of the hardware is associated with an ID of a logical configuration corresponding to the hardware, a logical configuration identifier which identifies a logical configuration corresponding to hardware from which a failure is detected from the hardware configuration data when a failure in the hardware is detected, and a notifier which notifies the processor of occurrence of a failure in the logical configuration identified by the logical configuration identifier.

Fault monitoring in a utility supply network

A first aspect of the invention provides a method of fault monitoring in a utility supply network, the method comprising: receiving user queries, each user query about a performance of the network at a respective location; defining a region based on the locations specified in the received user queries; determining an estimate of a user population in the region; and according the region, based on the estimate, a priority for one or more of fault investigation and remediation.

Identification of network issues by correlation of cross-platform performance data
11646953 · 2023-05-09

A data intake and query system collects performance data from client devices and host devices and stores the performance data in one or more indexes. The system is further configured to facilitate correlation of the performance data collected from the client devices and the separate performance data collected from the host devices. For example, based on a determination that one or more identifiers stored in a portion of performance data received from client devices match one or more identifiers stored in a portion of the performance data received from host devices, a data intake and query system may determine that the data portions are related. The portions of performance data, for example, may correspond to events the data intake and query system derives from the performance data collected from both client devices and host devices.

IDENTIFYING AND LOCALIZING EQUIPMENT FAILURES
20230155884 · 2023-05-18

The disclosed technology is directed towards automatically detecting failure states and the cause of the failure. For a network, the technology collects status messages from equipment and customers into batches as they occur. The technology groups and aggregates messages, then transforms the aggregations to the frequency domain. Anomalies induce detectable changes in the particle distribution of a trained particle filter, from which an anomalous spectrogram is generated. The status messages of each device are iteratively removed from the larger set of messages, resulting in reduced subsets that are each aggregated, transformed into a modified spectrogram and compared against the anomalous spectrogram to obtain a distance score. The distance score for each device is used to rank the devices with respect to being the cause of the failure.

Distributed fault code aggregation across application centric dimensions

Systems, methods, and computer-readable media for fault code aggregation across application-centric dimensions. In an example embodiment, a system obtains respective fault codes corresponding to one or more network devices in a network and maps the one or more network devices and/or the respective fault codes to respective logical policy entities defined in a logical policy model of the network, to yield fault code mappings. The system aggregates one or more of the fault code mappings along respective logical policy dimensions in the network to yield an aggregation of fault codes across respective logical policy dimensions and, based on the aggregation, presents, for each of the respective logical policy dimensions, one or more hardware-level errors along the respective logical policy dimension.