-
Publication number: US20220210167A1
Publication date: 2022-06-30
Application number: US17137385
Application date: 2020-12-30
Applicant: VMware, Inc.
Inventor: Venkatakrishnan RAJAGOPALAN, Sirisha MYNENI, Srinivas RAMASWAMY, Nafisa MANDLIWALA, Robin MANHAS
Abstract: Example methods and systems for context-aware intrusion detection are described. In one example, in response to determination that there is a matching intrusion detection signature based on packet flow information associated with a packet, a computer system may generate an intrusion detection alert that identifies the matching intrusion detection signature and the packet flow information. Further, the computer system may map the intrusion detection alert to contextual information, and generate a context-aware intrusion detection alert to trigger a context-aware remediation action based on at least the contextual information. The intrusion detection alert may be enhanced with context information associated with at least one of the following: the virtualized computing instance, a client device associated with the virtualized computing instance, and a user operating the client device.
-
Publication number: US20240250905A1
Publication date: 2024-07-25
Application number: US18158741
Application date: 2023-01-24
Applicant: VMware, Inc.
Inventor: Pierluigi ROLANDO, Subramanyam MANUGURI, Raju KOGANTY, Yuxiao ZHANG, Akhila NAVEEN, Mani Prasad KANCHERLA, Srinivas RAMASWAMY, Jayakrishnan CHATHU, Krishna Chaitanya BANDI, Hui ZHENG
IPC: H04L45/586, H04L45/00, H04L45/42
CPC classification number: H04L45/586, H04L45/42, H04L45/566
Abstract: An example method of packet processing in a host cluster of a virtualized computing system includes: receiving traffic at packet processing software of a hypervisor executing on a host of the host cluster; processing the traffic using a network service of the packet processing software in the hypervisor; redirecting the traffic to a service virtual machine (VM) in the host cluster through a virtual network interface card (vNIC) of the service VM; sending metadata from the network service of the packet processing software to the service VM; processing the traffic and the metadata through at least one network service executing in the service VM; returning the traffic from the service VM to the packet processing software of the hypervisor; and forwarding, by the packet processing software, the traffic to a destination.
-