The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Mar. 25, 2025
Filed:
Nov. 10, 2022
Vmware Llc, Palo Alto, CA (US);
Robin Manhas, Santa Clara, CA (US);
Nafisa Mandliwala, Sunnyvale, CA (US);
Sirisha Myneni, Santa Clara, CA (US);
Srinivas Ramaswamy, Dublin, CA (US);
VMWare LLC, Palo Alto, CA (US);
Abstract
Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert indicating the particular packet includes a potentially malicious payload. The method annotates the file for the new packet flow with a set of contextual data that (1) specifies the new packet flow as a potentially malicious packet flow and (2) identifies the particular packet and at least one signature associated with the alert triggered by the particular packet. The method sends the annotated file to a network management server to analyze the set of contextual data to extract further information regarding the potentially malicious payload.