SYSTEM AND METHOD FOR AUDITING A SECURITY POLICY

摘要

Provided a computerized system and method of automated auditing a range of rules associated with an enforced security policy. The method comprises automated obtaining log records assigned to a first rule within the range of rules and logged during a counted period (411), each said log record comprising a unique rule identifier and recorded values of respective arguments comprised in the rule; counting a number of records matching certain recorded values and logged within certain time intervals within the counted period (counted values); and automated generating a counted log record assigned to said rule (412), said record comprising the unique rule identifier, the counted period, recorded values of the rule arguments and respective counted values. The method further comprises obtaining a plurality of objects engaged in said first rule (414); resolving a first object among said plurality of objects to a set of resolved values (415); matching said resolved values to the recorded values of the respective arguments, said recorded values comprised in the counted log record assigned to said rule (416); counting each match in accordance with respective counted value, thus giving rise to a plurality of matching values of the resolved values (417); and using the plurality of matching values for analysis related to usage of the first object (420).