-
Publication No.: US20230014706A1
Publication Date: 2023-01-19
Application No.: US17374611
Filing Date: 2021-07-13
Applicant: VMware, Inc.
Inventor: Sirisha Myneni, Nafisa Mandliwala, Robin Manhas, Srinivas Ramaswamy
IPC: H04L29/06
Abstract: Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter that includes at least one host computer executing multiple machines. The method forwards multiple contextual attributes to a set of servers that distribute intrusion detection scripts. The method receives, from the set of servers, a set of one or more intrusion detection scripts to be enforced on the at least one host computer, the set of one or more intrusion detection scripts defined based on the multiple forwarded contextual attributes. The method uses the multiple contextual attributes to identify and resolve at least one intrusion detection script in the set of one or more intrusion detection scripts.
-
Publication No.: US11463300B2
Publication Date: 2022-10-04
Application No.: US16927542
Filing Date: 2020-07-13
Applicant: VMware, Inc.
Inventor: Nafisa Mandliwala, Sirisha Myneni, Robin Manhas, Baibhav Singh
IPC: H04L41/0681, H04L41/0695, H04L41/0631, H04L9/40
Abstract: The disclosure provides an approach for remediating false positives for a network security monitoring component. Embodiments include receiving an alert related to network security for a virtual computing instance (VCI). Embodiments include collecting, in response to receiving the alert, context information from the VCI. Embodiments include providing a notification to a management plane based on the alert and the context information. Embodiments include receiving, from the management plane, in response to the notification, an indication of whether the alert is a false positive. Embodiments include training a model based on the alert, the context information, and the indication to determine whether a given alert is a false positive.
-