发明名称 |
Policy based network compliance |
摘要 |
A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. Policy definition includes a template of rules, definition of rule severity, and a compliance threshold specifying a number of rules of a severity that render the policy non-compliant. The compliance application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a series of views indicative of a plurality of policies in the set of policies, each of the views indicative of violations attributable to each of the policies. From the displayed view, the application receives a detail selection corresponding to a subset of the displayed violations for detailed report display. |
申请公布号 |
US9137096(B1) |
申请公布日期 |
2015.09.15 |
申请号 |
US201313932525 |
申请日期 |
2013.07.01 |
申请人 |
EMC Corporation |
发明人 |
Yehuda Hanna;Lanzi Daniel;Epelbaum Oran;Murphy Frank |
分类号 |
H04L12/24;H04L29/06 |
主分类号 |
H04L12/24 |
代理机构 |
|
代理人 |
Gupta Krishnendu;Kazanjian Gerald P. |
主权项 |
1. A method comprising:
maintaining a set of policies, each policy in the set including: i) a set of rules and corresponding violation criteria for rules within the set of rules; ii) a policy scope that indicates what resources from a network environment the rules in the policy are to be applied; iii) a policy compliance statement that defines a set of rule violations of varying severity that determine overall policy violation; defining a range of severity levels, each of the rules having a severity level; identifying, for each severity level, a threshold indicative of a cumulative number of violations of the rules in the set of rules included in the policy; gathering compliance data from observed network activity, the compliance data indicative of network resources; applying the set of policies and associated sets of rules to the gathered compliance data to calculate compliance results indicating compliance of those network resources represented by the compliance data; automatically transmitting notifications to alert at least one destination recipient of a threshold number of rule violations of a particular severity; and maintaining the network environment including the network resources in a predictable and manageable state by enforcing the set of policies based on the compliance results. |
地址 |
Hopkinton MA US |