CPC H04L 43/50 (2013.01) [H04L 41/145 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01)] | 19 Claims
1. A computer implemented method comprising:
receiving, via a user interface, a first query of a storage device coupled to an external network;
retrieving, by a network monitoring device disposed between the external network and a protected network, stored external network data, exported from the external network and aimed at the protected network, from the storage device;
applying, by the network monitoring device, one or more flow specification rules to the retrieved stored external network data, wherein the one or more flow specification rules are configured to perform one or more flow specification actions on the retrieved stored external network data, wherein each of the one or more flow specification actions corresponds to performing, on the stored external network data, dropping, rate-limiting, traffic accepting, or passing of network traffic;
finding, by the network monitoring device, a match of one of the one or more flow specification rules using a matching criteria;
determining, by the network monitoring device, network traffic activity corresponding to the matched one of the one or more flow specification rules;
identifying, by the network monitoring device, data from the determined network traffic activity that is respectively dropped, limited, passed, or accepted based on the flow specification actions corresponding to the matched one or more flow specification rules; and
generating, by the network monitoring device based on the identified data, a user interface comprising a plurality of lists of ports of external network devices, each list corresponding to a different flow specification action and comprising a plurality of ports of external network devices ordered based on an amount of network traffic impacted by the flow specification action of the list.
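A minimal sketch of the analysis claim 1 describes, added here as an illustration and not taken from the patent or any product: stored flow records are replayed against flow specification rules, and each action gets a list of external ports ordered by bytes impacted. The record schema, the `Rule` fields, first-match-wins evaluation, and treating a flow's source port as the external device port are all assumptions; the sample data is constructed.

```python
from collections import defaultdict, namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACTIONS = ("drop", "rate-limit", "accept", "pass")
# One stored flow record exported from the external network (hypothetical schema).
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto nbytes")

@dataclass(frozen=True)
class Rule:
    """Simplified flow specification rule; None means 'match any'."""
    action: str
    dst_prefix: str
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, f):
        return (ip_address(f.dst_ip) in ip_network(self.dst_prefix)
                and self.proto in (None, f.proto)
                and self.src_port in (None, f.src_port)
                and self.dst_port in (None, f.dst_port))

def ports_by_action(flows, rules):
    """Return {action: [(external_port, bytes), ...]}, largest byte count first."""
    totals = {a: defaultdict(int) for a in ACTIONS}
    for f in flows:
        rule = next((r for r in rules if r.matches(f)), None)  # first match wins (assumption)
        if rule is not None:  # flows matching no rule are left out of every list
            totals[rule.action][f.src_port] += f.nbytes
    return {a: sorted(p.items(), key=lambda kv: (-kv[1], kv[0])) for a, p in totals.items()}

# Constructed sample rules and flows (documentation address ranges only).
RULES = [
    Rule("drop", "203.0.113.10/32", proto="udp"),
    Rule("rate-limit", "203.0.113.0/24", proto="udp", src_port=53),
    Rule("accept", "203.0.113.0/24", proto="tcp", dst_port=443),
    Rule("pass", "203.0.113.0/24"),
]
FLOWS = [
    Flow("198.51.100.7", 123, "203.0.113.10", 40000, "udp", 900_000),
    Flow("198.51.100.8", 123, "203.0.113.10", 40001, "udp", 300_000),
    Flow("198.51.100.4", 1900, "203.0.113.10", 40002, "udp", 700_000),
    Flow("198.51.100.9", 53, "203.0.113.20", 40003, "udp", 500_000),
    Flow("198.51.100.2", 51514, "203.0.113.10", 443, "tcp", 20_000),
    Flow("198.51.100.3", 44000, "203.0.113.30", 22, "tcp", 5_000),
    Flow("198.51.100.6", 44321, "192.0.2.1", 80, "tcp", 10_000),  # outside protected prefix
]
```

Calling `ports_by_action(FLOWS, RULES)` before a rule set is deployed shows which external ports account for the traffic each action would affect; reordering `RULES` changes the attribution because evaluation stops at the first match.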