Control circuitry is configured to establish a first connection with one or more onboard passenger service devices using a network interface. The control circuitry is further configured to receive a set of system log data from the one or more onboard passenger service devices via the network interface and store one or more log signatures in non-volatile data storage media. The control circuitry is further configured to detect a first fault related to a first onboard passenger service device of the one or more onboard passenger service devices and store a first set of transmission rule data in the non-volatile data storage media. The control circuitry is further configured to filter the set of system log data, establish a second connection with a remote computing device using the network interface, and transmit a subset of system log data to the remote computing device via the network interface.

The present disclosure relates to a 4G or 5G core network system (10). The system (10) comprises a plurality of network functions (15) in a 4G or 5G core network (11), wherein the network functions (15) are configured to communicate with each other using data packets. The system (10) further comprises at least one deep packet inspection (DPI) engine (13) which is configured to process the data packets and to analyze a protocol stack of said data packets in order to detect security-relevant activities in the 4G or 5G core network (11).

A system for providing secure browsing via a transparent network proxy is disclosed. The system may receive, from a client, a request to access a resource. The request may include an identifier that may be utilized to locate the resource. Once the request is received, the system may determine if the resource is not trusted, such as if the identifier is determined to be unknown or suspicious. If the resource is determined to not be trusted by the system, the system may forward the request to a virtual machine manager that may select a browser virtual machine from a pool of browser virtual machines. After the browser virtual machine is selected, the browser virtual machine may stream a rendering of the resource to the client based on the request. The rendering of the resource may be provided in lieu of the actual resource.

A policy engine is situated within the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.

A method of operating a modular surgical system including a control module, a first surgical module, and a second surgical module is disclosed. The method includes detachably connecting the first surgical module to the control module by stacking the first surgical module with the control module in a stack configuration, detachably connecting the second surgical module to the first surgical module by stacking the second surgical module with the control module and the first surgical module in the stack configuration, powering up the modular surgical system, and monitoring distribution of power from a power supply of the control module to the first surgical module and the second surgical module.

The disclosed embodiments disclose techniques for leveraging instrumentation capabilities to enable monitoring services. During operation, an operating system kernel is instrumented to associate a sub-program with a target operation. Upon receiving a request from an application to perform the target operation, the operating system kernel executes the sub-program with kernel privileges in the process context of the application. The sub-program analyzes the memory space associated with the application to extract a desired data value. This extracted data value is returned to at least one of a specified target process or target location.

Systems and methods are provided for managing false positives in a network anomaly detection system. The methods may include receiving a plurality of anomaly reports; extracting fields, and values for the fields, from each of the anomaly reports; grouping the anomaly reports into a plurality of groups according to association rule learning, wherein each group is defined by a respective rule; for each group, creating a cluster based on common values for the fields; and marking each cluster as a possible false positive anomaly cluster.

A data transmission system for a mobile platform comprises non-volatile data storage media, a network interface, and control circuitry. The control circuitry is configured to establish a first connection with one or more onboard passenger service devices providing a passenger service at the mobile platform using the network interface. The control circuitry is further configured to receive a set of system log data from the one or more onboard passenger service devices via the network interface and store one or more log signatures in the non-volatile data storage media. The control circuitry is further configured to detect faults fault related to onboard passenger service devices, store transmission rule data that includes rules for filtering system log data, filter the set of system log data based on the transmission rule data, and transmit a subset of system log data to the remote computing device via the network interface.

A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.

The technology disclosed applies data loss prevention (DLP) to those cloud-applications for which no application-specific parser is available. Known cloud applications can be arranged in categories of services such as “personal pages and blog,” “news websites,” “cloud-based storage services,” and “social media services.” A category includes a list of uniform resource locators (URLs) of providers of cloud applications that allow users to perform similar activities. The various providers in a category use different syntaxes to implement services in the category. The disclosed category-directed parsers synthesize interaction syntax patterns of a sample of providers in the category. A category-directed parser collects metadata from known cloud applications using multiple category-directed match rules synthesized from syntaxes used by the sample providers in the category. The metadata collected by the category-directed parser enables the DLP processor to focus analysis of the content being conveyed via a corresponding API.