Network policy enforcement dashboard views

US 7,934,248 B1
Filed: 06/27/2007
Issued: 04/26/2011
Est. Priority Date: 06/27/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of coalescing compliance data at a node in a network, the method comprising:

retrieving compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;

computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;

displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;

receiving, from a user, a detail selection corresponding to a subset of the displayed violations in the summary view; and

displaying, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, receiving the detail selection further comprising receiving a user selection indicative of at least one of;

a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;

a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and

a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong, retrieving the compliance data further comprising agentless probing of network activity, the probing including;

nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;

conducting remote discovery probes to determine deeper configuration data; and

updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. The application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies. From the displayed summary view, the application receives a detail selection corresponding to a subset of the displayed violations in the summary view; displays, for the received detail selection, a violation view having a sequence of ranked violation entries corresponding to the detail selection.

153 Citations

18 Claims

1. A computer-implemented method of coalescing compliance data at a node in a network, the method comprising:
- retrieving compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
  
  computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
  
  displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
  
  receiving, from a user, a detail selection corresponding to a subset of the displayed violations in the summary view; and
  
  displaying, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, receiving the detail selection further comprising receiving a user selection indicative of at least one of;
  
  a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
  
  a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
  
  a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong, retrieving the compliance data further comprising agentless probing of network activity, the probing including;
  
  nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
  
  conducting remote discovery probes to determine deeper configuration data; and
  
  updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 17, 18)
- - 2. The method of claim 1 wherein the violation occurrences have fields corresponding to the policy and rule for which they apply.
  - 3. The method of claim 1 wherein each of the rules defines an object, scope and desired state for which the rule is applicable, computing the violations comprising identifying deviation from the desired state triggering a violation of the rule.
  - 4. The method of claim 3 wherein the detail selection is indicative of at least one of a particular policy, a particular violation severity, a particular violation, or a particular network object.
  - 5. The method of claim 1 wherein the detail selection is indicative of a particular set of violations in a particular policy.
  - 6. The method of claim 5 wherein compliance data is gathered by a near real time gathering mechanism comprising:
    - periodically probing hosts, services and connections, the hosts operable to execute applications, the services provided by the applications, the connections operable to communicate between the applications;
      
      aggregating data from the periodic probes; and
      
      receiving intermittent updates supplementing the periodic probes.
  - 7. The method of claim 6 wherein displaying the detail selection further comprises:
    - receiving a filtering selection indicative of a subset of the violation entries; and
      
      filtering, on at least one of the fields in the violation entries, the filtering selection operable to limit the subset violation entries displayed.
  - 8. The method of claim 7 wherein detail selection is indicative of a particular policy, further comprising:
    - displaying, for each of a plurality of severities, the number of violations for the respective severity.
  - 9. The method of claim 7 wherein the detail selection is indicative of a frequency of rule violations, further comprising:
    - displaying an ordering of the violation entries according to a count of occurrences of each of the displayed rules.
  - 10. The method of claim 1 wherein retrieving the compliance data comprises accessing a preexisting repository of network event data, the network event data gathered by an external network management application.
  - 11. The method of claim 4 wherein the violation severity is defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong.
  - 17. The method of claim 1 further comprising retrieving compliance data via a gathering daemon that passively scans the network for:
    - hosts executing an application;
      
      services provided by applications; and
      
      connections for communication between applications.
  - 18. The method of claim 1 further comprising:
    - displaying a set of policies or selecting at least one policy from the set of policies;
      
      receiving, from the user, a policy selection indicative of a particular policy;
      
      periodically probing hosts for violations of the particular policy;
      
      transitioning to a detail view of the particular policy;
      
      receiving, from the user, a selection for a type of violation views; and
      
      displaying a violation view, the violation view filtered for rendering a manageable volume of display data.

12. A network compliance device responsive to a network compliance application comprising:
- a network event repository storing retrieved compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
  
  a violation processor computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
  
  a display engine displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
  
  a policy manager receiving a detail selection corresponding to a subset of the displayed violations in the summary view, the display engine further operable to display, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, receiving the detail selection further comprising receiving a user selection indicative of at least one of;
  
  a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
  
  a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
  
  a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong;
  
  the retrieved compliance data obtained from agentless probing of network activity, the probing including;
  
  nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
  
  conducting remote discovery probes to determine deeper configuration data; and
  
  updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.
- View Dependent Claims (13, 14, 15)
- - 13. The device of claim 12 wherein the violation occurrences have fields corresponding to the policy and rule for which they apply, each of the rules defining an object, scope and desired state for which the rule is applicable, computing the violations including identifying deviation from the condition defining a violation of the rule.
  - 14. The device of claim 13 wherein the user selection selectively invokes the display engine to perform at least one of:
    - displaying, for each of a plurality of severity, the number of violations for the respective severity;
      
      displaying an ordering of the violation entries according to a count of occurrences of each of the displayed rules; and
      
      displaying an ordering of the violation entries according to a count of the network object on which the respective violation occurred.
  - 15. The device of claim 14 wherein the display engine further:
    - receives a filtering selection indicative of a subset of the violation entries; and
      
      filters, on at least one of the fields in the violation entries, the filtering selection operable to limit the subset violation entries displayed.

16. A computer program product having a non-transitory computer readable storage medium operable to store computer program logic embodied in computer program code encoded as a set of processor based instructions thereon for displaying a policy compliance report comprising:
- computer program code for retrieving compliance data indicative of compliance with a set of policies, each of the policies having a set of rules;
  
  computer program code for computing, for each of the policies, violations, each violation indicative of a deviation from a particular rule;
  
  computer program code for displaying a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies;
  
  computer program code for receiving, from a user, a detail selection corresponding to a subset of the displayed violations in the summary view; and
  
  computer program code for displaying, for the received detail selection, a violation view having a set of violation entries corresponding to the detail selection, computer program code for receiving the detail selection further comprising computer program code for receiving a user selection indicative of at least one of;
  
  a prioritized ranking of violation occurrences indicative of violations having a particular ranking over a time interval;
  
  a frequency ranking of violation occurrences indicative of rules resulting in the violation occurrences; and
  
  a cause ranking of violation occurrences indicative of servers on which the violation occurred, each of the violations having a violation severity defined by a multi-tiered scale, the scale including a predetermined number of violations of a particular tier constituting a failure of the policy to which the violated rules belong, the computer program code for retrieving the compliance data further comprising computer program code for agentless probing of network activity, the computer program code for agentless probing including;
  
  computer program code for nonintrusive sniffing of interprocess communications without invoking agents on a monitored host in the network;
  
  computer program code for conducting remote discovery probes to determine deeper configuration data; and
  
  computer program code for updating a database table having entries indicative of relationships between applications, such that the applications provide connections and services to other applications in the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Yehuda, Hanna, Murphy, Frank, Epelbaum, Oran, Lanzi, Daniel C.
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Rahman; Mohammad L

Application Number

US11/769,561
Time in Patent Office

1,399 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

H04L 41/069   using logs of notifications...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/22   comprising specially adapte...

H04L 63/20   for managing network securi...

Network policy enforcement dashboard views

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network policy enforcement dashboard views

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others