Graph approach for firewall logs & rules analysis


I have been using the Dataiku Graph Analytics plugin for a few weeks for firewall rules & logs analysis, following the approach.

This approach offered quick benefits:

- It helped in understanding configuration issues using a visual approach, much more understandable than an Excel sheet with hundreds of config lines.

- It helped in assessing compromised accounts' impact using security logs extracted from various systems.

However, the Dataiku Graph Analytics plugin quickly showed some limits when displaying thousands of nodes and edges in a chart. The main limitation is linked with graph filtering / subgraph extraction to focus on relevant objects.

I started developing an additional recipe for the Graph Analytics plugin which returns an induced subgraph of neighbors centered at selected nodes within a configurable radius. This draft work is shared in the draft PR, and I would be happy if some of you had time to test it, provide feedback, or contribute to this work.
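The subgraph extraction the post describes (all nodes within a configurable radius of selected centers, plus every original edge between them), as an added stand-alone example that is not the poster's recipe or the plugin's code: it builds a graph from constructed firewall log lines (src, dst, port, action are assumed columns) and returns the induced neighborhood so that an analyst can inspect only the flows around a host of interest.

```python
from collections import deque

# Constructed sample firewall log lines (not real data): "src,dst,port,action"
SAMPLE_LOGS = """\
10.0.0.5,10.0.1.20,443,ALLOW
10.0.0.5,10.0.1.21,22,ALLOW
10.0.1.20,10.0.2.9,3306,ALLOW
10.0.1.21,10.0.2.9,3306,DENY
10.0.2.9,10.0.3.40,5432,ALLOW
10.0.3.40,10.0.4.1,80,ALLOW
192.168.9.9,10.0.1.20,3389,DENY
"""

def parse_edges(text):
    """Return a list of (src, dst, attrs) edges from CSV-like log lines."""
    edges = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, action = line.split(",")
        edges.append((src, dst, {"port": int(port), "action": action}))
    return edges

def neighborhood_subgraph(edges, centers, radius, directed=False):
    """Induced subgraph of all nodes within `radius` hops of any center.
    Hops follow edges in both directions unless directed=True (outbound only).
    Returns (nodes, kept_edges): kept_edges are all original edges whose
    endpoints both lie in the node set, i.e. the induced subgraph."""
    adj = {}
    for src, dst, _ in edges:
        adj.setdefault(src, set()).add(dst)
        adj.setdefault(dst, set())          # make sure sinks are known nodes
        if not directed:
            adj[dst].add(src)
    dist = {c: 0 for c in centers if c in adj}   # unknown centers are ignored
    queue = deque(dist)
    while queue:                             # breadth-first search, bounded by radius
        node = queue.popleft()
        if dist[node] == radius:
            continue
        for nxt in adj[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    nodes = set(dist)
    kept = [e for e in edges if e[0] in nodes and e[1] in nodes]
    return nodes, kept
```

With radius 1 around a database host the result keeps only the flows that touch it (including DENY entries), which is the view that is hard to obtain from a chart of thousands of nodes.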