公开(公告)号：US11463300B2

公开(公告)日：2022-10-04

申请号：US16927542

申请日：2020-07-13

Applicant: VMware, Inc.

Inventor： Nafisa Mandliwala ,  Sirisha Myneni ,  Robin Manhas ,  Baibhav Singh

IPC: H04L41/0681 ,  H04L41/0695 ,  H04L41/0631 ,  H04L9/40

Abstract: The disclosure provides an approach for remediating false positives for a network security monitoring component. Embodiments include receiving an alert related to network security for a virtual computing instance (VCI). Embodiments include collecting, in response to receiving the alert, context information from the VCI. Embodiments include providing a notification to a management plane based on the alert and the context information. Embodiments include receiving, from the management plane, in response to the notification, an indication of whether the alert is a false positive. Embodiments include training a model based on the alert, the context information, and the indication to determine whether a given alert is a false positive.

公开(公告)号：US11258718B2

公开(公告)日：2022-02-22

申请号：US16686922

申请日：2019-11-18

Applicant: VMware, Inc.

Inventor： Suresh Muppala ,  Nafisa Mandliwala ,  Sirisha Myneni ,  Venkatakrishnan Rajagopalan

IPC: H04L12/851 ,  G06F9/455 ,  H04L12/861 ,  H04L12/863 ,  H04L47/2441 ,  H04L49/90 ,  H04L47/62

Abstract: The disclosure provides an approach for rate limiting packets in a network. Embodiments include receiving, by a rate limiting engine running on a host machine, a network event related to a virtual computing instance running on the host machine, the network event comprising flow information about a network flow. Embodiments include receiving, by the rate limiting engine, context information corresponding to the network flow, wherein the context information comprises one or more of a user characteristic or an application characteristic. Embodiments include determining, by the rate limiting engine, a priority for the network flow by applying a rate limiting policy to the flow information and the context information. Embodiments include providing, by the rate limiting engine, the priority for the network flow to a multiplexer for use in rate limiting the network flow.

公开(公告)号：US10938681B2

公开(公告)日：2021-03-02

申请号：US16045108

申请日：2018-07-25

Applicant: VMware, Inc.

Inventor： Arijit Chanda ,  Nafisa Mandliwala

IPC: H04L12/26 ,  H04L29/06

Abstract: Example methods are provided for a first host to perform context-aware network mapping a software-defined networking (SDN) environment. One example method may comprise: detecting multiple packet flows that include an egress packet flow originating from a first endpoint and destined for a second host, and an ingress packet flow originating from a second host or a third host and destined for the first endpoint or a second endpoint. The method may also comprise: in response to detecting the egress packet flow, obtaining first packet flow information and first context information; in response to detecting the ingress packet flow, obtaining second packet header information and second context information; and generating network map information that identifies the egress packet flow based on the first packet flow information and first context information, and the ingress packet flow based on the second packet flow information and second context information.