&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12278802.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,278,802 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Combined machine learning and formal techniques for network traffic analysis</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Charanraj Thimmisetty,  Dublin, CA (US);  Praveen Tiwari,  Milpitas, CA (US);  Viswesh Ananthakrishnan,  Palo Alto, CA (US); and  Claudionor Jose Nunes Coelho, Jr.,  Redwood City, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  13, 2021, as Appl. No. 17/447,471.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/202,117, filed on May   27, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0385635 A1, Dec.  1, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06F 18/214</b></i> (2023.01); <i><b>G06N 3/04</b></i> (2023.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/0263</b></i> (2013.01)&#xa0;[<i><b>G06F 18/214</b></i> (2023.01); <i><b>G06N 3/04</b></i> (2013.01); <i><b>H04L 63/0236</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12278802-20250415-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">parsing a plurality of security rules indicated in a current configuration of a firewall, wherein each security rule indicates first criteria for network traffic and a corresponding action to be taken by the firewall on network traffic satisfying the first criteria;</div>
                <div class="claim_text">generating a plurality of formulas to represent the plurality of security rules, wherein each formula comprises a logical representation of the first criteria of the security rule represented by the formula and an indication of the corresponding action;</div>
                <div class="claim_text">based on submission of a first query indicating second criteria for network traffic, determining if the firewall has detected network traffic satisfying the second criteria based on traffic logs generated by the firewall;</div>
                <div class="claim_text">based on determining that the firewall has not detected network traffic satisfying the second criteria, evaluating the first query based on the plurality of formulas to determine if the firewall could detect network traffic satisfying the second criteria with the current configuration of the firewall, wherein evaluating the first query to determine if the firewall could detect network traffic satisfying the second criteria with the current configuration of the firewall comprises determining if the second criteria are satisfiable;</div>
                <div class="claim_text">based on determining that the second criteria are satisfiable, determining an action that the firewall would take for network traffic that satisfy the second criteria based on a result of the evaluating; and</div>
                <div class="claim_text">indicating the action that the firewall would take for network traffic that satisfies the second criteria if it were detected with the current configuration of the firewall.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>