-
Publication number: US20230388320A1
Publication date: 2023-11-30
Application number: US17752990
Application date: 2022-05-25
Applicant: VMware, Inc.
Inventor: Russell LU, Sirisha MYNENI, Nafisa MANDLIWALA, Mani KANCHERLA
CPC classification number: H04L63/1416, H04L63/1425, G06F9/45558, G06F2009/45587
Abstract: Example methods and systems for intrusion detection with adaptive pattern selection are described. In one example, a computer system may perform pattern selection by selecting a subset from a set of multiple patterns based on metric information. In response to receiving a packet belonging to a flow between a source endpoint and a destination endpoint, a first matching operation may be performed to determine whether the packet is matchable to a particular pattern from the set of multiple patterns or the subset. In response to determination that the packet is matchable to the particular pattern, a second matching operation may be performed to determine whether the packet is matchable to a particular signature. The metric information associated with the particular pattern may be updated based on the first matching operation and/or the second matching operation. This way, the subset may be updated based at least on the updated metric information.
-
Publication number: US20210075789A1
Publication date: 2021-03-11
Application number: US16998371
Application date: 2020-08-20
Applicant: VMware, Inc.
Inventor: Ming WEN, Edilmo PALENCIA, Russell LU, Laxmikant Vithal GUNDA, Margaret PETRUS
IPC: H04L29/06
Abstract: The disclosure provides an approach for establishing authentication between components in a network. Embodiments include deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.
-
Publication number: US20210367830A1
Publication date: 2021-11-25
Application number: US16879796
Application date: 2020-05-21
Applicant: VMware, Inc.
Inventor: Jayant JAIN, Sushruth GOPAL, Russell LU, Anirban SENGUPTA, Yangyang ZHU
Abstract: Example methods and systems for dynamic event processing for network diagnosis are described. In one example, a computer system may monitor a runtime flow of multiple packets to detect a set of multiple events associated with the runtime flow. The computer system may perform a first stage of event processing by matching the set of multiple events to a set of multiple signatures that includes a first signature and a second signature. The first signature may be associated with a first mapping rule that is fully satisfied by the set of multiple events. The second signature may be associated with a second mapping rule that is partially satisfied. During a second stage of event processing, the second signature is disregarded. In response to diagnosing an issue associated with the runtime flow, remediation action(s) may be performed.