Network security system with customizable rule-based analytics engine for identifying application layer violations

摘要

Methods, devices, and storage media storing instructions to obtain logs from a security device and one or multiple service-providing devices, wherein the logs include information pertaining to traffic flow activity at an application layer associated with a service; store rules that identify behavior ranging from unintentional through intentional for one or multiple communication layers including an application layer; interpret the logs based on the rules; determine whether a violation exists based on the interpreting; and generate a notification that indicates the violation exists in response to a determination that the violation exists.

主权项

1. A method comprising:
receiving, by a security device, a traffic flow for use of a service; receiving, by one or more service-providing devices, the traffic flow; obtaining, by an analytics device, logs from the security device and the one or more service-providing devices, wherein the logs include information pertaining to traffic flow activity at an application layer associated with the service; storing, by the analytics device, rules that identify behavior ranging from unintentional behavior through intentional behavior for one or multiple communication layers including an application layer of a communication stack, wherein the unintentional behavior includes behavior that unnecessarily uses resources associated with the service; interpreting, by the analytics device, the logs based on one or more of the rules; determining, by the analytics device, whether a violation exists based on the interpreting; and generating a notification in response to determining that the violation exists.