Independent claim |
1. A method comprising:
identifying, by a computing system, a plurality of packets received by a network device from a host located in a first network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets received by the network device;
identifying, by the computing system, a plurality of packets transmitted by the network device to a host located in a second network;
generating, by the computing system, a plurality of log entries corresponding to the plurality of packets transmitted by the network device;
correlating, by the computing system and based on the plurality of log entries corresponding to the plurality of packets received by the network device and the plurality of log entries corresponding to the plurality of packets transmitted by the network device, the plurality of packets transmitted by the network device with the plurality of packets received by the network device; and
responsive to correlating the plurality of packets transmitted by the network device with the plurality of packets received by the network device:
generating, by the computing system, one or more rules configured to identify packets received from the host located in the first network; and
provisioning a packet-filtering device with the one or more rules configured to identify packets received from the host located in the first network. |