-
Publication No.: US20230015632A1
Publication date: 2023-01-19
Application No.: US17374617
Filing date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Sirisha Myneni, Nafisa Mandliwala, Subrahmanyam Manuguri
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes a set of host computers that each execute multiple machines. The method receives, from the set of host computers, multiple contextual attributes that define one or more compute environments. Through a user interface, the method presents the multiple contextual attributes and a set of controls for use in generating intent-based API commands. The method receives, through the user interface, an intent-based API command that defines intent for a set of one or more intrusion detection rules to be enforced in the datacenter, the intent defined in terms of one or more of the multiple contextual attributes. The method processes the intent-based API command in order to distribute intrusion detection system configuration data to configure, for each host computer in the set of host computers, an intrusion detection system operating on the host computer.
-
Publication No.: US20210081461A1
Publication date: 2021-03-18
Application No.: US16569015
Filing date: 2019-09-12
Applicant: VMware, Inc.
Inventor: Jingmin Zhou, Subrahmanyam Manuguri, Jayant Jain, Anirban Sengupta
IPC: G06F16/903, G06N5/02, G06F17/27, G06K9/00
Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.
-
Publication No.: US10938594B1
Publication date: 2021-03-02
Application No.: US16742685
Filing date: 2020-01-14
Applicant: VMware, Inc.
Inventor: Jayant Jain, Mike Parsa, Xinhua Hong, Subrahmanyam Manuguri, Anirban Sengupta
Abstract: Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). In some embodiments, the network edge device receives data messages from a first gateway device from a logical network, provides the stateful network service to the data message, and forwards the data message towards the destination through a corresponding interface connected to a physical network.
-
Publication No.: US20200296078A1
Publication date: 2020-09-17
Application No.: US16352577
Filing date: 2019-03-13
Applicant: VMware, Inc.
Inventor: Jingmin Zhou, David Lorenzo, Subrahmanyam Manuguri, Anirban Sengupta
IPC: H04L29/06, G06F9/455, G06F16/901
Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.
-
Publication No.: US09923786B2
Publication date: 2018-03-20
Application No.: US15043958
Filing date: 2016-02-15
Applicant: VMware, Inc.
Inventor: Subrahmanyam Manuguri, Anirban Sengupta, Andre Khan
CPC classification number: H04L41/5058, H04L41/12, Y02D30/30
Abstract: A system and method for performing a service discovery on a distributed computer system includes obtaining information of a service that is provided by a host computer in the distributed computer system and embedding the information into a Link Layer Discovery Protocol (LLDP) data frame to be transmitted from the host computer to another component of the distributed computer system.