System and method for generating machine auditable network policies
Abstract
A prevention-based network auditing system includes a central compliance server storing both natural language policy documents and machine-processable policy rules in an audit repository. The compliance server provides a client-side user interface allowing a user to easily generate a machine-auditable policy by selecting/generating a natural language policy source document, and linking the applicable machine-processable policy rules to the applicable portions of the source document. The selected machine-processable policy rules are then applied to information gathered about the network during a scheduled network audit session for efficiently and systematically determining whether policy violations and/or vulnerabilities exist.
17 Claims
1. A method for generating and applying a network policy in a network auditing system, the method comprising:
- maintaining in a data store, a natural language policy document for the network policy and one or more machine-processable policy rules;
- associating at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
- applying the at least one of the machine-processable policy rules to information gathered about the network; and
- determining, based on the application, compliance with the network policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 16, 17

10. A server in a network auditing system, the server comprising:
- a data store storing a natural language policy document for the network policy and one or more machine-processable policy rules;
- a client-side user interface coupled to the data store, the user interface allowing a user to associate at least a portion of the natural language policy document to at least one of the machine-processable policy rules;
- means for applying the at least one of the machine-processable policy rules to information gathered about the network; and
- means for determining, based on the application, compliance with the network policy.

Dependent claims: 11, 13

12. The server of claim 12, wherein the recommendation is associated with a change to the network policy.
Specification