Hogzilla IDS implements procedures to identifies servers in the protected network and automatically group them based on its regular use.
For example, it generates groups for:
- Web Servers (HTTP only)
- Web Servers (HTTP and HTTPs)
- SSH Servers
- E-mail Servers
The groups are identified dynamically using K-means clustering. The group distribution and servers in each group can be viewed in the GrayLog’s interface.