-
Publication No.: US11544375B2
Publication date: 2023-01-03
Application No.: US16718174
Application date: 2019-12-17
Applicant: VMware, Inc.
Inventor: Sirisha Myneni , Nafisa Mandliwala , Subrahmanyam Manuguri , Anirban Sengupta
Abstract: File events are correlated with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.
-
Publication No.: US20160371108A1
Publication date: 2016-12-22
Application No.: US14821829
Application date: 2015-08-10
Applicant: VMWARE, INC.
Inventor: JIVAN MADTHA , AMIT RATNAPAL SANGODKAR , Makarand Ramesh Gawade , Nafisa Mandliwala
CPC classification number: G06F9/45558 , G06F2009/45595 , H04L67/10
Abstract: A system for a reservation for a multi-machine application can include a server virtualization engine configured to create a mixed reservation of information technology resources from a cluster of hosts including a virtual machine host and a container host. The system can include a cloud management engine configured to create a multi-machine blueprint from the mixed reservation including a virtual machine template, a container image, and a definition of networking. The cloud management engine can be configured to deploy the multi-machine blueprint to provide a multi-machine application.
-
Publication No.: US11641305B2
Publication date: 2023-05-02
Application No.: US16714805
Application date: 2019-12-16
Applicant: VMware, Inc.
Inventor: Sirisha Myneni , Kausum Kumar , Nafisa Mandliwala , Venkatakrishnan Rajagopalan
IPC: H04L41/0631 , H04L41/0654 , H04L41/0604 , H04L12/46 , H04L45/02 , H04L69/22 , H04L45/64
Abstract: Example methods and systems are provided for network diagnosis. One example method may comprise: detecting an egress packet and determining whether each of multiple network issues is detected for the egress packet or a datapath between a first virtualized computing instance and a second virtualized computing instance. The method may also comprise: generating network diagnosis code information specifying whether each of the multiple network issues is detected or not detected; generating an encapsulated packet by encapsulating the egress packet with an outer header that specifies the network diagnosis code information; and sending the encapsulated packet towards the second virtualized computing instance to cause a second computer system to perform one or more remediation actions based on the network diagnosis code information.
-
Publication No.: US20230014040A1
Publication date: 2023-01-19
Application No.: US17374633
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Nafisa Mandliwala , Sirisha Myneni , Subrahmanyam Manuguri
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method receives a filtered set of intrusion detection signatures to be enforced on the at least one host computer. The method uses a set of contextual attributes associated with a particular data message to generate an intrusion detection signature for the particular data message, the generated intrusion detection signature including a bit pattern, each bit associated with a contextual attribute in the set. The method compares the generated intrusion detection signature with the received set of intrusion detection signatures to identify a matching intrusion detection signature in the received filtered set.
-
Publication No.: US20230018434A1
Publication date: 2023-01-19
Application No.: US17374630
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Nafisa Mandliwala , Sirisha Myneni , Subrahmanyam Manuguri
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes at least one host computer executing multiple machines. The method receives multiple contextual attributes associated with a set of data messages processed by the multiple machines executing on the at least one host computer, the multiple contextual attributes including contextual attributes that are not L2-L4 attributes and that define a compute environment in which one or more workloads performed by the multiple machines executing on the at least one host computer operate. The method uses the received multiple contextual attributes to perform a filtering operation to identify, from multiple intrusion detection signatures, a set of intrusion detection signatures applicable to the one or more workloads. The method provides the identified set of intrusion detection signatures to an intrusion detection system operating on the particular host computer for enforcement.
-
Publication No.: US20230013808A1
Publication date: 2023-01-19
Application No.: US17374608
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Sirisha Myneni , Nafisa Mandliwala , Rajitha Arcot , Subrahmanyam Manuguri
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes at least one host computer executing multiple machines. The method receives an intent-based application programming interface (API) command that defines intent for a set of one or more context-based intrusion detection rules for detecting and preventing intrusions on the at least one host computer. The method uses multiple contextual attributes to convert the defined intent into a set of one or more intrusion detection scripts for enforcement on the at least one host computer. The method provides the set of one or more intrusion detection scripts to an intrusion detection system operating on the at least one host computer for enforcement.
-
Publication No.: US20230021269A1
Publication date: 2023-01-19
Application No.: US17374623
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Nafisa Mandliwala , Sirisha Myneni , Subrahmanyam Manuguri
IPC: G06F21/56
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method forwards multiple contextual attributes to a set of servers that distribute intrusion detection scripts. The method receives a filtered set of intrusion detection signatures for enforcement on the at least one host computer, the filtered set of intrusion detection signatures identified based on the multiple contextual attributes. The method uses the filtered set of intrusion detection signatures to detect at least one potential intrusion associated with a particular data message processed on the at least one host computer.
-
Publication No.: US20230014706A1
Publication date: 2023-01-19
Application No.: US17374611
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Sirisha Myneni , Nafisa Mandliwala , Robin Manhas , Srinivas Ramaswamy
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes at least one host computer executing multiple machines. The method forwards multiple contextual attributes to a set of servers that distribute intrusion detection scripts. The method receives, from the set of servers, a set of one or more intrusion detection scripts to be enforced on the at least one host computer, the set of one or more intrusion detection scripts defined based on the multiple forwarded contextual attributes. The method uses the multiple contextual attributes to identify and resolve at least one intrusion detection script in the set of one or more intrusion detection scripts.
-
Publication No.: US09804880B2
Publication date: 2017-10-31
Application No.: US14821829
Application date: 2015-08-10
Applicant: VMWARE, INC.
Inventor: Jivan Madtha , Amit Ratnapal Sangodkar , Makarand Ramesh Gawade , Nafisa Mandliwala
CPC classification number: G06F9/45558 , G06F2009/45595 , H04L67/10
Abstract: A system for a reservation for a multi-machine application can include a server virtualization engine configured to create a mixed reservation of information technology resources from a cluster of hosts including a virtual machine host and a container host. The system can include a cloud management engine configured to create a multi-machine blueprint from the mixed reservation including a virtual machine template, a container image, and a definition of networking. The cloud management engine can be configured to deploy the multi-machine blueprint to provide a multi-machine application.
-
Publication No.: US20230015632A1
Publication date: 2023-01-19
Application No.: US17374617
Application date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Sirisha Myneni , Nafisa Mandliwala , Subrahmanyam Manuguri
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes a set of host computers that each execute multiple machines. The method receives, from the set of host computers, multiple contextual attributes that define one or more compute environments. Through a user interface, the method presents the multiple contextual attributes and a set of controls for use in generating intent-based API commands. The method receives, through the user interface, an intent-based API command that defines intent for a set of one or more intrusion detection rules to be enforced in the datacenter, the intent defined in terms of one or more of the multiple contextual attributes. The method processes the intent-based API command in order to distribute intrusion detection system configuration data to configure, for each host computer in the set of host computers, an intrusion detection system operating on the host computer.