-
DDoS Attacks – Platform automatically mitigates attack Description: this use case shows how the platform can identify an incoming DDoS attack and activate mitigation procedures. Scenario: an incoming DDoS attack occurs and overloads a web server. If not mitigated, it will cause services to go down and deny legitimate users access to resources.
-
Human Error Remediation – Operator disables firewall on an instance, virtual machine or server Description: this use case describes how the platform can identify and fix a human error, in this case the disabling of the firewall on an instance. Scenario: during daily activities an operator mistakenly disables the firewall configured
-
Description: a typical attack case which may occur against many different types of protocols (SSH, HTTP, FTP, etc.), consisting of unwanted or unauthorized accesses logged by the OS, by a service or by an application. The common factor in this attack is the frequency and the status of the requests coming from the attacker.
-
Description: a service installed on an instance has its own settings regarding disk space management and generates a log line when the configured threshold is reached. It is important to receive and manage this type of event in the shortest time possible, also intervening with mitigation actions (e.g. running a cleanup process). Scenario: during
-
Description: this condition may be caused by a variety of different reasons and may disrupt one or more services. An abnormal number of connections to a service may happen for different reasons, all of which require a quick response: In all cases corrective actions must be taken to avoid the problem, and the first
-
Description: when email password credentials are leaked from a mail server, an attacker may use that system to send millions of spam emails. The impact is on the reputation of the mail system, which gets reported in the global anti-spam engines (blacklists) after it has sent out a certain number of spam emails. We want to

