US 12,294,565 B2
Firewall rules intelligence
Kan Cai, Sunnyvale, CA (US); Vikas Aggarwal, Brisbane, CA (US); Gargi Adhav, San Jose, CA (US); Rajendra Yavatkar, Saratoga, CA (US); Ning Zhao, San Jose, CA (US); and Vishal Gupta, Milpitas, CA (US)
Assigned to Google LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Feb. 15, 2024, as Appl. No. 18/443,233.
Application 18/443,233 is a continuation of application No. 18/051,686, filed on Nov. 1, 2022, granted, now 11,924,168.
Application 18/051,686 is a continuation of application No. 16/845,771, filed on Apr. 10, 2020, granted, now 11,516,182, issued on Nov. 29, 2022.
Claims priority of provisional application 62/832,178, filed on Apr. 10, 2019.
Prior Publication US 2024/0187379 A1, Jun. 6, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 12/00 (2006.01); G06F 9/54 (2006.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01); H04L 41/14 (2022.01); H04L 41/16 (2022.01); H04L 43/026 (2022.01)
CPC H04L 63/0263 (2013.01) [G06F 9/547 (2013.01); G06N 20/00 (2019.01); H04L 41/145 (2013.01); H04L 41/16 (2013.01); H04L 43/026 (2013.01); H04L 63/1425 (2013.01)]
20 Claims
1. A computer-implemented method executed by data processing hardware that causes the data processing hardware to perform operations comprising:
obtaining a traffic log for a network comprising one or more virtual machines, the traffic log comprising network communications by the one or more virtual machines of the network;
obtaining a set of firewall rules for the network;
determining, using the traffic log and the set of firewall rules, firewall metrics, the firewall metrics comprising hit counts for each firewall rule in the set of firewall rules;
generating, based on the hit counts, a firewall rule recommendation, the firewall rule recommendation comprising a recommendation to delete a respective one of the firewall rules in the set of firewall rules; and
transmitting the firewall rule recommendation to a user device.
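An added example, not part of the patent text, of the operations recited in claim 1: it computes per-rule hit counts from a traffic log and emits delete recommendations. The rule and log schemas, the first-match-by-priority evaluation, and the policy of flagging only allow rules with zero hits are assumptions; the claim states only that the recommendation is based on the hit counts.

```python
import ipaddress

# Constructed sample rules (assumed schema); lower priority number is evaluated first.
RULES = [
    {"name": "allow-web", "priority": 100, "action": "allow",
     "src": "0.0.0.0/0", "proto": "tcp", "ports": {80, 443}},
    {"name": "allow-ssh-admin", "priority": 200, "action": "allow",
     "src": "10.0.0.0/8", "proto": "tcp", "ports": {22}},
    {"name": "allow-legacy-ftp", "priority": 300, "action": "allow",
     "src": "192.168.5.0/24", "proto": "tcp", "ports": {21}},
    {"name": "deny-all", "priority": 65535, "action": "deny",
     "src": "0.0.0.0/0", "proto": "any", "ports": None},
]

# Constructed traffic log: inbound connections to VMs on the network.
TRAFFIC_LOG = [
    {"vm": "vm-a", "src": "203.0.113.7", "proto": "tcp", "dport": 443},
    {"vm": "vm-a", "src": "203.0.113.8", "proto": "tcp", "dport": 80},
    {"vm": "vm-b", "src": "10.1.2.3", "proto": "tcp", "dport": 22},
    {"vm": "vm-b", "src": "198.51.100.9", "proto": "tcp", "dport": 22},
    {"vm": "vm-b", "src": "198.51.100.9", "proto": "udp", "dport": 53},
]

def matches(rule, conn):
    """True if the connection falls inside the rule's protocol, port and source range."""
    if rule["proto"] not in ("any", conn["proto"]):
        return False
    if rule["ports"] is not None and conn["dport"] not in rule["ports"]:
        return False
    return ipaddress.ip_address(conn["src"]) in ipaddress.ip_network(rule["src"])

def hit_counts(rules, log):
    """Attribute each logged connection to the first matching rule in priority order."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    counts = {r["name"]: 0 for r in rules}
    for conn in log:
        hit = next((r for r in ordered if matches(r, conn)), None)
        if hit is not None:
            counts[hit["name"]] += 1
    return counts

def recommend_deletions(rules, log):
    """Recommend deleting allow rules that no logged traffic hit (assumed policy)."""
    counts = hit_counts(rules, log)
    # Zero-hit deny rules are kept: they may still be enforcing policy.
    return [{"rule": r["name"], "recommendation": "delete", "hit_count": 0}
            for r in rules if r["action"] == "allow" and counts[r["name"]] == 0]

print(recommend_deletions(RULES, TRAFFIC_LOG))
```

A zero hit count is only meaningful relative to the log's observation window; a rule used quarterly will look unused in a one-week log.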