Abstract: A network security system monitors data traffic being transmitted between a first device and a second device in a network to identify a plurality of commands being transmitted between the first device and the second device. The network security system then generates a whitelisting policy based on the plurality of commands being transmitted between the first device and the second device. After generating the whitelisting policy, the network security system receives subsequent data traffic being transmitted between the first device and the second device, and determines, based on the subsequent data traffic, a first command being transmitted between the first device and the second device. In response to determining that the first command is not included in the whitelisting policy, the network security system generates an alert in relation to the first command.

Abstract: A network security system monitors, during a time period, data traffic transmitted between devices in a network to identify a plurality of commands transmitted between the devices. The network security system determines, from the plurality of commands, a first set of commands that were transmitted between a first device and a second device in the network. The network security system determines that the first set of commands includes a threshold number of commands from a first predetermined command group of a plurality of predetermined command groups. Each predetermined command group includes a listing of commands. The network security system generates a first policy based on the first predetermined command group.

Abstract: A network security system monitors, during a time period, data traffic transmitted between devices in a network to identify a plurality of commands transmitted between the devices. The network security system determines, from the plurality of commands, a first set of commands that were transmitted between a first device and a second device in the network. The network security system determines that the first set of commands includes a threshold number of commands from a first predetermined command group of a plurality of predetermined command groups. Each predetermined command group includes a listing of commands. The network security system generates a first policy based on the first predetermined command group.

Abstract: A network security system monitors data traffic being transmitted between a first device and a second device in a network to identify a plurality of commands being transmitted between the first device and the second device. The network security system then generates a whitelisting policy based on the plurality of commands being transmitted between the first device and the second device. After generating the whitelisting policy, the network security system receives subsequent data traffic being transmitted between the first device and the second device, and determines, based on the subsequent data traffic, a first command being transmitted between the first device and the second device. In response to determining that the first command is not included in the whitelisting policy, the network security system generates an alert in relation to the first command.