公开(公告)号：US20210029050A1

公开(公告)日：2021-01-28

申请号：US16520220

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Ly Loi ,  Rick Lund ,  Sushruth Gopal

IPC: H04L12/891 ,  H04L12/851 ,  H04L12/26

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance, a set of agents for collecting context data relating to the flows from machines executing on the host, a set of additional modules that provide additional context data, an anomaly detection engine that analyzes flow data and context data and provides additional context data, and a context exporter for processing and publishing context data to the analysis appliance.

公开(公告)号：US11288256B2

公开(公告)日：2022-03-29

申请号：US16520232

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Ly Loi ,  Rick Lund ,  Arnold Poon

IPC: G06F16/23 ,  G06F16/22 ,  G06N20/00 ,  G06F21/55

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.

公开(公告)号：US11188570B2

公开(公告)日：2021-11-30

申请号：US16520224

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Ly Loi ,  Rick Lund ,  Sushruth Gopal

IPC: G06F17/00 ,  G06F16/28 ,  G06N20/00 ,  G06N5/04 ,  G06F16/2455 ,  G06F9/455 ,  G06F21/55

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.

公开(公告)号：US20210026870A1

公开(公告)日：2021-01-28

申请号：US16520224

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Ly Loi ,  Rick Lund ,  Sushruth Gopal

IPC: G06F16/28 ,  G06N20/00 ,  G06N5/04 ,  G06F16/2455

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. The host computer, in some embodiments, first eliminates duplicative flow group records and then aggregates the flow data according to a set of received keys that specify attributes that define the aggregation. For example, a simple key that specifies a set of machine identifiers (e.g., a VM ID) as attribute values will, for each machine identifier, aggregate all flows with that machine identifier into a single aggregated flow group record. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance.

公开(公告)号：US20210026830A1

公开(公告)日：2021-01-28

申请号：US16520232

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Jayant Jain ,  Russell Lu ,  Ly Loi ,  Rick Lund ,  Arnold Poon

IPC: G06F16/23 ,  G06F16/22

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.