Network policy enforcement dashboard views
First Claim
1. A computer-implemented method of coalescing compliance data at a node in a network, the method comprising:
retrieving compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
receiving, from a user, a detail selection corresponding to a subset of the displayed violations in the summary view; and
displaying, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, receiving the detail selection further comprising receiving a user selection indicative of at least one of;
a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong, retrieving the compliance data further comprising agentless probing of network activity, the probing including;
nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
conducting remote discovery probes to determine deeper configuration data; and
updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.
Abstract
A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. The application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies. From the displayed summary view, the application receives a detail selection corresponding to a subset of the displayed violations in the summary view; displays, for the received detail selection, a violation view having a sequence of ranked violation entries corresponding to the detail selection.
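The summary view and ranked violation views described in the abstract and claim 1, as an added sketch that is not taken from the patent. The tier names, failure thresholds, field names and sample records are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed three-tier scale and thresholds. The page states only that the scale
# is multi-tiered and that a predetermined count in one tier fails the policy.
FAIL_THRESHOLD = {"high": 1, "medium": 3, "low": 10}
TIER_RANK = {"high": 0, "medium": 1, "low": 2}

@dataclass(frozen=True)
class Violation:
    policy: str
    rule: str
    server: str
    severity: str   # one of the assumed tiers above
    timestamp: int  # epoch seconds

def summary_view(violations):
    """Per-policy violation counts by tier, plus the pass/fail verdict."""
    counts = {}
    for v in violations:
        counts.setdefault(v.policy, Counter())[v.severity] += 1
    return {
        policy: {"counts": dict(c),
                 "failed": any(c[t] >= n for t, n in FAIL_THRESHOLD.items())}
        for policy, c in counts.items()
    }

def violation_view(violations, policy, ranking, start=0, end=float("inf")):
    """Detail selection for one policy, ordered by the chosen ranking."""
    rows = [v for v in violations
            if v.policy == policy and start <= v.timestamp <= end]
    if ranking == "priority":   # most severe first, newest first within a tier
        return sorted(rows, key=lambda v: (TIER_RANK[v.severity], -v.timestamp))
    if ranking == "frequency":  # rules producing the most violations
        return Counter(v.rule for v in rows).most_common()
    if ranking == "cause":      # servers on which the violations occurred
        return Counter(v.server for v in rows).most_common()
    raise ValueError(f"unknown ranking: {ranking}")

# Constructed sample records (not real data).
SAMPLE = [
    Violation("password-policy", "min-length", "db01", "medium", 100),
    Violation("password-policy", "min-length", "db02", "medium", 200),
    Violation("password-policy", "expiry", "db01", "medium", 300),
    Violation("password-policy", "min-length", "db01", "low", 400),
    Violation("tls-policy", "weak-cipher", "web01", "low", 150),
]
```

With the sample data, three medium-tier violations fail `password-policy` under the assumed threshold, while the single low-tier violation leaves `tls-policy` passing.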
18 Claims
12. A network compliance device responsive to a network compliance application comprising:
a network event repository storing retrieved compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
a violation processor computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
a display engine displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
a policy manager receiving a detail selection corresponding to a subset of the displayed violations in the summary view, the display engine further operable to display, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, receiving the detail selection further comprising receiving a user selection indicative of at least one of;
a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong;
the retrieved compliance data obtained from agentless probing of network activity, the probing including;
nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
conducting remote discovery probes to determine deeper configuration data; and
updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.
- View Dependent Claims (13, 14, 15)
16. A computer program product having a non-transitory computer readable storage medium operable to store computer program logic embodied in computer program code encoded as a set of processor based instructions thereon for displaying a policy compliance report comprising:
computer program code for retrieving compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
computer program code for computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
computer program code for displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
computer program code for receiving, from a user, a detail selection corresponding to a subset of the displayed violations in the summary view; and
computer program code for displaying, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, computer program code for receiving the detail selection further comprising computer program code for receiving a user selection indicative of at least one of;
a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong, the computer program code for retrieving the compliance data further comprising computer program code for agentless probing of network activity, the computer program code for agentless probing including;
computer program code for nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
computer program code for conducting remote discovery probes to determine deeper configuration data; and
computer program code for updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.
Specification