US11734316B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11734316-B2 |
| Application number | US-202117370686-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 8, 2021 |
| Priority date | Jul 8, 2021 |
| Publication date | Aug 22, 2023 |
| Grant date | Aug 22, 2023 |
Official abstract text for this publication.
Systems and methods for a relationship-based search in a computing environment are provided. An example method includes providing a graph database. The graph database includes nodes representing workloads of the computing environment and edges representing relationships between the nodes. The method also includes enriching the graph database by associating the nodes with metadata associated with the nodes and the relationships. The method also includes receiving a user query including data associated with at least one of the metadata and the relationships. The method also includes determining, based on the user query, a subset of the nodes in the graph database and a subset of relationships between the nodes in the subset of the nodes. The method also includes displaying, via a graphical user interface, a graphical representation of the subset of the nodes and relationships between the nodes in the subset of the nodes.
Opening claim text (preview).
What is claimed is:

1. A system for a relationship-based search in a computing environment, the system comprising: at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions executable by the at least one processor to perform a method comprising: providing a graph database, the graph database including nodes representing at least workloads of the computing environment and edges representing relationships between the nodes; enriching the graph database by associating the nodes with metadata associated with the nodes and the relationships; receiving a user query, the user query including data associated with at least one of the metadata and the relationships; determining, based on the user query, a subset of the nodes in the graph database and a subset of the relationships between the nodes in the subset of the nodes; generating, based on the subset of the nodes and the subset of the relationships, a security policy allowing at least one of the relationships between the workloads corresponding to the nodes in the graph database; and displaying, via a graphical user interface, a graphical representation of the subset of the nodes and the subset of the relationships between the nodes in the subset of the nodes.

2. The system of claim 1, wherein the determining the subset of the nodes includes determining nodes running an application specified in the user query.

3. The system of claim 1, wherein the determining the subset of the nodes includes determining at least one of users, roles, and organizations corresponding to relationships associated with nodes running an application specified in the user query.

4. The system of claim 1, wherein the determining the subset of the nodes includes determining nodes corresponding to workloads not running an application specified in the user query.

5. The system of claim 1, wherein the metadata are associated with at least one of the following: a known process, a vulnerability over a predetermined threshold, a given location, a predetermined business context, a database, and a file store.

6. The system of claim 1, wherein the at least one processor is configured to generate, based on the subset of the nodes and the subset of the relationships, a security policy disallowing at least one relationship between the nodes corresponding to the nodes in the graph database.

7. The system of claim 1, wherein the determining the subset of the nodes includes determining a chain of consecutively connected nodes, wherein a first node in the chain is unauthorizedly accessible from a last node in the chain via middle nodes in the chain.

8. The system of claim 1, wherein the determining the subset of the nodes includes determining a chain of consecutively connected nodes, wherein nodes within the chain that meet a predetermined condition have an indirect relationship.

9. The system of claim 1, wherein the determining the subset of the nodes includes determining a chain of consecutively connected nodes, wherein a last node in the chain has a vulnerability and is connected to the first node in the chain via a predetermined number of nodes, the predetermined number being specified in the user query.

10. The system of claim 1, wherein the determining the subset of the nodes includes determining nodes corresponding to workloads running an application specified in the user query and having at least one vulnerability.

11. The system of claim 1, wherein the determining the subset of the nodes includes determining nodes corresponding to nodes connected to a workload specified in the user query and having at least one vulnerability.

12. The system of claim 1, wherein the user query includes a query based on a context of the metadata.

13. The system of claim 1, wherein the user query is provided in a natural human language.

14. A method for a relationship-based search in a computing environment, the method comprising: providing a graph database, the graph database including nodes representing at least workloads of the computing environment and edges representing relationships between the nodes; enriching the graph database by associating the nodes with metadata associated with the nodes and the relationships; receiving a user query, the user query including data associated with at least one of the metadata and the relationships; determining, based on the user query, a subset of the nodes in the graph database and a subset of the relationships between the nodes in the subset of the nodes; generating, based on the subset of the nodes and the subset of the relationships, a security policy disallowing at least one of the relationships between the nodes corresponding to the nodes in the graph database; and displaying, via a graphical user interface, a graphical representation of the subset of the nodes and the subset of the relationships between the nodes in the subset of the nodes.

15. The method of claim 14, wherein the determining the subset of the nodes includes determining nodes running an application specified in the user query.

16. The method of claim 14, wherein the determining the subset of the nodes includes determining nodes not running an application specified in the user query.

17. The method of claim 14, wherein the determining the subset of the nodes includes determining a chain of consecutively connected nodes, wherein a first node in the chain is unauthorizedly accessible from a last node in the chain via middle nodes in the chain.

18. A non-transitory processor-readable medium having embodied thereon a program being executable by at least one processor to perform a method for a relationship-based search in a computing environment, the method comprising: providing a graph database, the graph database including nodes representing at least workloads of the computing environment and edges representing relationships between the nodes; enriching the graph database by associating the nodes with metadata associated with the nodes and the relationships; receiving a user query, the user query including data associated with at least one of the metadata and the relationships; determining, based on the user query, a subset of the nodes in the graph database and a subset of the relationships between the nodes in the subset of the nodes; generating, based on the subset of the nodes and the subset of the relationships, a security policy disallowing at least one of the relationships between the nodes corresponding to the nodes in the graph database; and displaying, via a graphical user interface, a graphical representation of the subset of the nodes and the subset of the relationships between the nodes in the subset of the nodes.
Entity relationship models · CPC title
Presentation of query results · CPC title
using data annotations, e.g. user-defined metadata · CPC title
using context · CPC title
Visual data mining; Browsing structured data · CPC title