-
公开(公告)号:US11349876B2
公开(公告)日:2022-05-31
申请号:US16554414
申请日:2019-08-28
申请人: VMware, Inc.
发明人: Sunitha Krishna , Kausum Kumar , Rajiv Mordani , Radha Popuri , Kavya Kambi Ravi , Ankur Saran , Farzad Ghannadian
摘要: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
-
公开(公告)号:US20210029166A1
公开(公告)日:2021-01-28
申请号:US16554414
申请日:2019-08-28
申请人: VMware, Inc.
发明人: Sunitha Krishna , Kausum Kumar , Rajiv Mordani , Radha Popuri , Kavya Kambi Ravi , Ankur Saran , Farzad Ghannadian
摘要: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
-
公开(公告)号:US20230179572A1
公开(公告)日:2023-06-08
申请号:US17543294
申请日:2021-12-06
申请人: VMware, Inc.
IPC分类号: H04L9/40
CPC分类号: H04L63/0263 , H04L63/20
摘要: Some embodiments provide a method for modifying a set of firewall rules for implementation in a network. The method receives (i) a set of existing firewall rules and (ii) a set of flows observed in the network that do not match the firewall rules in the set. The method identifies an optimized set of modifications to the set of existing firewall rules to generate a set of modified firewall rules such that (i) the set of flows match firewall rules in the set of modified firewall rules and (ii) any flows that matched firewall rules in the set of existing firewall rules also match firewall rules in the set of modified firewall rules.
-
公开(公告)号:US20230179571A1
公开(公告)日:2023-06-08
申请号:US17543254
申请日:2021-12-06
申请人: VMware, Inc.
IPC分类号: G06F21/62
CPC分类号: H04L63/0263 , H04L63/20
摘要: Some embodiments provide a method for modifying a firewall rule of a security policy implemented in a network. The method identifies a set of compute machines to be added to a match condition for the firewall rule. The match condition is expressed using one or more groups of compute machines. The method selects a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups. The method uses the selected set of groups for the match condition of the firewall rule.
-
-
-