| CPC H04L 63/0263 (2013.01) [G06F 18/214 (2023.01); G06N 20/00 (2019.01); H04L 43/06 (2013.01); H04L 63/0236 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
|
1. A computer-implemented method executed by data processing hardware that causes the data processing hardware to perform operations comprising:
obtaining firewall utilization data for connection requests received by a firewall during a utilization period, the firewall utilization data including hit counts during the utilization period for each sub-rule of a set of sub-rules associated with at least one firewall rule;
for each sub-rule of the set of sub-rules associated with the at least one firewall rule, determining, using a trained firewall utilization model, a corresponding sub-rule utilization probability indicating a likelihood the sub-rule will be used for a future connection request;
generating firewall utilization insights based on the corresponding sub-rule utilization probability determined for each sub-rule;
generating one or more firewall configuration recommendations based on the firewall utilization insights, each firewall configuration recommendation of the one or more firewall configuration recommendations recommending modification to one or more sub-rules of the set of sub-rules; and
providing the one or more firewall configuration recommendations to a user.
|