Saturday, 24 January 2015

Is it possible to model the hosts in an enterprise?



My goal is modelling hosts in an enterprise. So what do I mean by modelling?


I want to come up with some features and create my scripts to observe user behaviors. As an example, I can say that in a one-minute time interval the number of outgoing connections from my hosts is X (max or maybe mean value). So if I observe more outgoing traffic than X, that may give me some insight that my host is doing something wrong, on purpose or not. Do you apply some host-based metrics in your network to enhance your enterprise security, or are there any tools that automate this procedure?


I gave only one example; if there are some other heuristic features that you can suggest, I would like to hear them.


Thanks.
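The per-minute outgoing-connection heuristic described in the question, as an added example that is not part of the original post: it learns a per-host X (mean and max connections per minute) from a training window, then flags observed minutes that exceed it. The record format `(epoch_seconds, source host, destination)`, the function names, and the host names and addresses are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean

def per_minute_counts(records):
    """Return {host: Counter({minute_index: outgoing_connection_count})}."""
    counts = defaultdict(Counter)
    for ts, host, _dst in records:
        counts[host][ts // 60] += 1
    return counts

def build_baseline(records, start, end):
    """Per-host X over the training window [start, end), in seconds.
    Minutes with no traffic count as 0, so quiet hosts get a low mean."""
    counts = per_minute_counts(r for r in records if start <= r[0] < end)
    minutes = range(start // 60, end // 60)
    baseline = {}
    for host, c in counts.items():
        series = [c.get(m, 0) for m in minutes]
        baseline[host] = {"mean": mean(series), "max": max(series)}
    return baseline

def flag_minutes(records, baseline, metric="max", unknown_x=0):
    """Return sorted [(host, minute_start_epoch, count, X)] where count > X.
    Hosts that were never baselined are compared against unknown_x."""
    alerts = []
    for host, c in per_minute_counts(records).items():
        x = baseline.get(host, {}).get(metric, unknown_x)
        for minute, n in c.items():
            if n > x:
                alerts.append((host, minute * 60, n, x))
    return sorted(alerts)

# Constructed sample data: (epoch_seconds, source host, destination).
TRAINING = (
    [(i * 20, "ws-01", "10.0.0.5:443") for i in range(9)]          # 3 per minute for 3 minutes
    + [(60 + i * 10, "ws-02", "10.0.0.9:80") for i in range(6)]    # 6 in minute 1, else idle
)
OBSERVED = (
    [(600 + i * 15, "ws-01", "10.0.0.5:443") for i in range(4)]    # 4 in one minute
    + [(660 + i, "ws-02", "10.0.0.9:80") for i in range(5)]        # 5 in one minute
    + [(720 + i, "ws-03", "10.0.0.7:22") for i in range(2)]        # host with no baseline
)

if __name__ == "__main__":
    base = build_baseline(TRAINING, 0, 180)
    for alert in flag_minutes(OBSERVED, base, metric="max"):
        print("host=%s minute=%d count=%d X=%s" % alert)
```

With `metric="max"` a bursty host such as `ws-02` stays under its own historical peak, while `metric="mean"` flags it; which of the two values serves as X changes what counts as unusual.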




