Network agent for reporting to a network policy system

US11509535B2 · US · B2

Patent metadata
Publication number: US-11509535-B2
Application number: US-202016999447-A
Country: US
Kind code: B2
Filing date: Aug 21, 2020
Priority date: Mar 27, 2017
Publication date: Nov 22, 2022
Grant date: Nov 22, 2022

Abstract

The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implement network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

First claim

The invention claimed is:

1. A network entity comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the at least one processor to: receive a network policy; implement, by a first agent with a privileged status running on the network entity, the network policy; access, by the first agent and based on the privileged status, policy enforcement data associated with the implementation of the network policy; enable access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data; generate, by the second agent, a report based on the policy enforcement data; and transmit the report.

2. The network entity of claim 1, further comprising: one or more sensors configured to collect the policy enforcement data.

3. The network entity of claim 1, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: access, by the first agent based on the privileged status, entity or performance data of the network entity; enable access, to the second agent, to the entity or performance data; and generate, by the second agent, the report to include the entity or performance data.

4. The network entity of claim 1, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: periodically collect the policy enforcement data; and enable access, to the second agent, to the periodically collected policy enforcement data for generating the report.

5. The network entity of claim 1, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: determine implementation characteristics of the network entity; generate one or more specific policies from the network policy based on the implementation characteristics; and implement the one or more specific policies.

6. The network entity of claim 5, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: identify that a specific policy from the one or more specific policies has been altered; and in response to the identification that the specific policy is altered, revert to a previous policy.

7. The network entity of claim 1, wherein the network policy is based on user intent.

8. At least one non-transitory computer readable medium storing instructions that, when executed by the at least one processor, cause the at least one processor to: receive a network policy; implement, by a first agent with a privileged status running on the network entity, the network policy; access, by the first agent and based on the privileged status, policy enforcement data associated with the implementation of the network policy; enable access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data; generate, by the second agent, a report based on the policy enforcement data; and transmit the report.

9. The at least one non-transitory computer readable medium of claim 8, further comprising: one or more sensors configured to collect the policy enforcement data.

10. The at least one non-transitory computer readable medium of claim 8, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: access, by the first agent based on the privileged status, entity or performance data of the network entity; enable access, to the second agent, to the entity or performance data; and generate, by the second agent, the report to include the entity or performance data.

11. The at least one non-transitory computer readable medium of claim 8, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: periodically collect the policy enforcement data; and enable access, to the second agent, to the periodically collected policy enforcement data for generating the report.

12. The at least one non-transitory computer readable medium of claim 8, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: determine implementation characteristics of the network entity; generate one or more specific policies from the network policy based on the implementation characteristics; and implement the one or more specific policies.

13. The at least one non-transitory computer readable medium of claim 12, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: identify that a specific policy from the one or more specific policies has been altered; and in response to the identification that the specific policy is altered, revert to a previous policy.

14. The at least one non-transitory computer readable medium of claim 8, wherein the network policy is based on user intent.

15. A method comprising: receiving, at a network entity, a network policy; implementing, by a first agent with a privileged status running on a network entity, the network policy; accessing, by the first agent and based on the privileged status, policy enforcement data associated with the implementation of the network policy; enabling access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data; generating, by the second agent, a report based on the policy enforcement data; and transmitting the report.

16. The method of claim 15, further comprising: accessing, by the first agent based on the privileged status, entity or performance data of the network entity; enabling access, to the second agent, to the entity or performance data; and generating, by the second agent, the report to include the entity or performance data.

17. The method of claim 15, further comprising: periodically collecting the policy enforcement data; and enabling access, to the second agent, to the periodically collected policy enforcement data for generating the report.

18. The method of claim 15, further comprising: determining implementation characteristics of the network entity; generating one or more specific policies from the network policy based on the implementation characteristics; and implementing the one or more specific policies.

19. The method of claim 18, further comprising: identifying that a specific policy from the one or more specific policies has been altered; and in response to identifying that the specific policy is altered, reverting to a previous policy.

20. The method of claim 15, wherein the network policy is based on user intent.

Assignees

Inventors

Classifications

  • Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

  • Policy-based network configuration management

  • H04L41/046 (Primary): comprising network management agents or mobile agents therefor

  • related to network devices

  • by checking functioning

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11509535B2 cover?
The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implement network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the age…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/046. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 22, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).