Systems, methods, techniques and apparatuses for managing distributed applications of networked intelligent agents are disclosed. The agents are operably to autonomously discover semantic profiles and associated data of other agents in a networked system participating in a given application. The agents need not be in direct communication with or known to all the other agents in the networked system.

Methods and systems for configuring a security policy for an enterprise within an enterprise security management tool are disclosed. In some aspects, such systems receive a definition of at least one custom classification within a user interface of the enterprise security management configuration tool, including a name of a profile and network activity associated with one or more nodes to be included within the profile. Such systems also generate a security settings file to be applied within the enterprise, the security settings file including, for each profile, a common security policy to each of the nodes included in the profile. The profiles to which the security settings file is applied include the profile defined by the at least one custom classification.

The present disclosure relates to systems, non-transitory computer-readable media, and methods for dynamically updating the connection pool for a web server without any interruption to the resource. In particular, in one or more embodiments, the disclosed systems can continuously monitor load data for various web servers. Further, the disclosed systems can utilize load data, historical load data, and/or user settings to predict a number of connections over a future time period and can determine an updated connection pool size for a web server based on that predicted number of connections. The disclosed systems can also dynamically modify the connection pool size for the web server based on the updated connection pool size without interrupting the resource or any of its ongoing connections in any way.

In a method for managing a physical network, whether a slice owner of a virtual network slice in the physical network is allowed to view a network information message is determined based on at least one of classification metadata or allocation metadata associated with the virtual network slice. The network information message, which is received from the physical network, includes at least one of (i) an autonomous notification from a network node in the physical network or (ii) operational data for the network node in the physical network. The network information message is provided to the slice owner in response to determining that the slice owner is allowed to view the network information message.

Methods, apparatuses and computer readable storage mediums provide virtual network slicing without duplicating network configuration data (also referred to as network configuration information) on a slice-by-slice basis by maintaining a single physical network datastore including network configuration information for all network entities in the physical network, but generating slice views for respective virtual network slices as needed over time. Methods, apparatuses and computer readable storage mediums also enable configuration of a plurality of virtual network slices sharing a physical network infrastructure.

Methods, apparatuses and computer readable storage mediums provide virtual network slicing without duplicating network configuration data (also referred to as network configuration information) on a slice-by-slice basis by maintaining a single physical network datastore including network configuration information for all network entities in the physical network, but generating slice views for respective virtual network slices as needed over time. Methods, apparatuses and computer readable storage mediums also enable configuration of a plurality of virtual network slices sharing a physical network infrastructure.

In one embodiment, a device classification service extracts, for each of a plurality of time windows, one or more sets of traffic features of network traffic in a network from traffic telemetry data captured by the network. The service represents, for the time windows, the extracted one or more sets of traffic features as feature vectors. A feature vector for a time window indicates whether each of the traffic features was present in the network traffic during that window. The service trains, using a training dataset based on the feature vectors, a cascade of machine learning classifiers to label devices with device types. The service uses the classifiers to label a particular device in the network with a device type based on the traffic features of network traffic associated with that device. The service initiates enforcement of a network policy regarding the device based on its device type.

Methods, apparatuses and computer readable storage mediums provide virtual network slicing without duplicating network configuration data (also referred to as network configuration information) on a slice-by-slice basis by maintaining a single physical network datastore including network configuration information for all network entities in the physical network, but generating slice views for respective virtual network slices as needed over time. Methods, apparatuses and computer readable storage mediums also enable configuration of a plurality of virtual network slices sharing a physical network infrastructure.

Methods and systems for configuring a security policy for an enterprise within an enterprise security management tool are disclosed. In some aspects, such systems receive a definition of at least one custom classification within a user interface of the enterprise security management configuration tool, including a name of a profile and network activity associated with one or more nodes to be included within the profile. Such systems also generate a security settings file to be applied within the enterprise, the security settings file including, for each profile, a common security policy to each of the nodes included in the profile. The profiles to which the security settings file is applied include the profile defined by the at least one custom classification.

In one example embodiment, a server obtains network flow metadata of a network flow of a host in a network. The server identifies one or more attributes of the network flow metadata. For each host group of a plurality of host groups, the server determines whether the one or more attributes of the network flow metadata satisfy one or more criteria for the host group. For each host group for which it is determined that the one or more attributes of the network flow metadata satisfy the one or more criteria, the server classifies the host as belonging to the host group.