Security appliance to monitor networked computing environment
First Claim
1. A method for evaluating a software defined infrastructure, comprising:
- retrieving configuration and operational information associated with the software defined infrastructure by a security appliance;
- extracting selective information from the retrieved configuration and operational information by the security appliance;
- storing extracted selective information in a plurality of data store;
- evaluating selectively stored information for compliance to a policy, by the security appliance; and
- generating a report based on the evaluation,
- wherein, configuration and operational information includes information related to asset configuration, audit event and network communication associated with the software defined infrastructure; and
- wherein the generated report includes a message component, a network query component and an event query component, wherein the message component includes a textual description of a violation, wherein the network query component is configured to submit a query to the security appliance to retrieve associated network flow information related to the violation, and wherein the event query component is configured to submit a query to the security appliance to retrieve associated audit events related to the violation.
2 Assignments
0 Petitions
Abstract
A system and method to evaluate a software defined infrastructure is disclosed. A security appliance is used to evaluate the software defined infrastructure. The security appliance includes a data ingestion and query engine. The data ingestion and query engine is configured to retrieve configuration and operational information associated with the software defined infrastructure, extract selective information from the retrieved configuration and operational information, and store extracted selective information in a plurality of data store. A policy compliance engine is configured to evaluate selectively stored information for compliance to a policy and generate a report based on the evaluation.
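The evaluation and report steps described above can be illustrated with a small added example (not code from the patent or from any product): constructed asset-configuration records are checked against one hypothetical policy, and each violation yields the message, network query and event query components named in the first claim. All field names, the policy, the store names and the `ModifyIngress` action are assumptions.

```python
from dataclasses import dataclass

# Constructed sample of "extracted selective information"; field names are assumptions.
ASSETS = [
    {"id": "sg-web", "type": "security_group",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-db", "type": "security_group",
     "ingress": [{"port": 5432, "cidr": "0.0.0.0/0"},
                 {"port": 5432, "cidr": "10.0.1.0/24"}]},
    {"id": "sg-admin", "type": "security_group",
     "ingress": [{"port": 22, "cidr": "10.0.0.0/8"}]},
]

# Hypothetical policy: only these ports may be reachable from any address.
PUBLIC_PORTS_ALLOWED = {80, 443}
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Violation:
    message: str         # textual description of the violation
    network_query: dict  # follow-up query for related network flows
    event_query: dict    # follow-up query for related audit events


def evaluate(assets, allowed=PUBLIC_PORTS_ALLOWED):
    """Return one Violation per ingress rule that breaks the policy."""
    report = []
    for asset in assets:
        if asset.get("type") != "security_group":
            continue
        for rule in asset.get("ingress", []):
            if rule["cidr"] in ANY_ADDRESS and rule["port"] not in allowed:
                report.append(Violation(
                    message=(f"{asset['id']} allows port {rule['port']} "
                             f"from {rule['cidr']}"),
                    # Queries are plain data, meant to be submitted back to the
                    # flow and audit-event stores (store names are assumed).
                    network_query={"store": "network_flows",
                                   "dst_group": asset["id"],
                                   "dst_port": rule["port"]},
                    event_query={"store": "audit_events",
                                 "resource": asset["id"],
                                 "action": "ModifyIngress"},  # assumed name
                ))
    return report


if __name__ == "__main__":
    for v in evaluate(ASSETS):
        print(v.message, v.network_query, v.event_query, sep="\n  ")
```
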
63 Citations
16 Claims
1. A method for evaluating a software defined infrastructure, comprising:
- retrieving configuration and operational information associated with the software defined infrastructure by a security appliance;
- extracting selective information from the retrieved configuration and operational information by the security appliance;
- storing extracted selective information in a plurality of data store;
- evaluating selectively stored information for compliance to a policy, by the security appliance; and
- generating a report based on the evaluation,
- wherein, configuration and operational information includes information related to asset configuration, audit event and network communication associated with the software defined infrastructure; and
- wherein the generated report includes a message component, a network query component and an event query component, wherein the message component includes a textual description of a violation, wherein the network query component is configured to submit a query to the security appliance to retrieve associated network flow information related to the violation, and wherein the event query component is configured to submit a query to the security appliance to retrieve associated audit events related to the violation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A security appliance to evaluate a software defined infrastructure, comprising:
- a data ingestion and query engine configured to
  - retrieve configuration and operational information associated with the software defined infrastructure;
  - extract selective information from the retrieved configuration and operational information; and
  - store extracted selective information in a plurality of data store; and
- a policy compliance engine configured to
  - evaluate selectively stored information for compliance to a policy; and
  - generate a report based on the evaluation,
- wherein, configuration and operational information includes information related to asset configuration, audit event and network communication associated with the software defined infrastructure; and
- wherein the generated report includes a message component, a network query component and an event query component, wherein the message component includes a textual description of a violation, wherein the network query component is configured to submit a query to the security appliance to retrieve associated network flow information related to the violation, and wherein the event query component is configured to submit a query to the security appliance to retrieve associated audit events related to the violation.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

Specification