Server grouping

Hogzilla IDS implements procedures to identifies servers in the protected network and automatically group them based on its regular use.

For example, it generates groups for:

  • Web Servers (HTTP only)
  • Web Servers (HTTP and HTTPs)
  • SSH Servers
  • Printers
  • E-mail Servers

The groups are identified dynamically using K-means clustering. The group distribution and servers in each group can be viewed in the GrayLog’s interface.