Devendra M Badhani

20140029423, Jan 30, 2014

Jul 25, 2012

13/557522

Devendra Mohan Badhani - San Jose CA, US
Chao Feng - San Jose CA, US
Samar Sharma - San Jose CA, US
Kalyan Venkataramana - San Ramon CA, US

CISCO TECHNOLOGY, INC. - San Jose CA

H04L 12/56
H04L 12/24

370235, 370389, 370392

Methods and apparatuses for automating return traffic redirection to a service appliance by injecting forwarding policies in a packet-forwarding element are disclosed herein. An example method for automating return traffic redirection can include: establishing a communication channel between a service appliance and a packet-forwarding element; and transmitting an out-of-band message over the communication channel to the packet-forwarding element. The message can include a forwarding policy that requests the packet-forwarding element to forward predetermined packets to the service appliance.

20130301413, Nov 14, 2013

May 11, 2012

13/469345

Daniel Gilbert Moen - Sunnyvale CA, US
Venkataraman Natham - Fremont CA, US
Devendra Mohan Badhani - San Jose CA, US
Ali Golshan - Palo Alto CA, US

CISCO TECHNOLOGY, INC. - San Jose CA

H04L 12/24
H04L 12/56

370235, 370400, 370401

A system for virtual internet protocol (VIP) address migration. The system comprises serving one or more clients connected via a switch router over a network to one or more network gateways. The switch router forwards packets to the VIP address of a first network gateway. If the first network gateway determines a VIP address migration criteria has been reached, the first network gateway may migrate any new traffic associated with a packet flow over to a second network gateway for more efficient processing by inserting a default flow code into the header of the VIP address of the packet. Older packets continue to process on the first network gateway, however new packets are forwarded and processed on the second network gateway. Once the packets being processed on the first network gateway completes, the second network gateway becomes the default network gateway for processing existing and new packets.

20210021614, Jan 21, 2021

Jul 31, 2020

16/944433

- San Francisco CA, US
Siri Atma Oaklander De Licori - San Francisco CA, US
John Robert Coates - San Francisco CA, US
David Hazekamp - Tinley Park IL, US
Devendra Badhani - Santa Clara CA, US
Luke Murphey - Wadsworth IL, US
Patrick Schulz - San Francisco CA, US

Splunk Inc. - San Francisco CA

H04L 29/06
G06F 21/53

Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.

20200193020, Jun 18, 2020

Nov 15, 2019

16/684810

- San Francisco CA, US
Devendra Badhani - Santa Clara CA, US
Vijay Chauhan - Burlingame CA, US

G06F 21/55
G06Q 10/00
G06Q 10/10
G06Q 10/06

Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

20180091528, Mar 29, 2018

Sep 26, 2016

15/276756

- San Francisco CA, US
Siri Atma Oaklander De Licori - San Francisco CA, US
John Robert Coates - San Francisco CA, US
David Hazekamp - Tinley Park IL, US
Devendra Badhani - Santa Clara CA, US
Luke Murphey - Wadsworth IL, US
Patrick Schulz - San Francisco CA, US

H04L 29/06

Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.

20180069886, Mar 8, 2018

Oct 31, 2017

15/799167

- San Francisco CA, US
Devendra M. Badhani - Santa Clara CA, US
Luke K. Murphey - Wadsworth IL, US
David Hazekamp - San Francisco CA, US

H04L 29/06

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

20180052994, Feb 22, 2018

Oct 31, 2017

15/799975

- San Francisco CA, US
Devendra Badhani - Santa Clara CA, US
Vijay Chauhan - Burlingame CA, US

G06F 21/55
G06Q 10/00
G06F 21/56

Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. The events may be associated with timestamps and may include machine data. Executing the search query may produce search results that pertain to activity of a particular entity from the subset. The search results may be evaluated based on a triggering condition corresponding to the statistical baseline. When the triggering condition is met, a risk score for the particular entity may be updated. The updated risk score may be displayed to a user via a graphical user interface (GUI).

20170142146, May 18, 2017

Jan 31, 2017

15/421269

- San Francisco CA, US
Devendra M. Badhani - Santa Clara CA, US
Luke K. Murphey - Wadsworth IL, US
David Hazekamp - San Francisco CA, US

H04L 29/06

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.