Policy Application Standards Based on Macro Detection Levels
💡 Importance Classification Criteria: Selects the importance based on the accuracy of policies that can clearly detect macros.
- Essential: A policy that can clearly define as a macro, allowing for immediate blocking operation.
- Recommended: Policies generally considered macros, but normal users may also be detected due to thresholds, recommended to operate in combination with secondary verification.
Static Analysis
| Policy Name | Importance |
|---|---|
| Blocking through Header Analysis | Essential |
| Blocking through IP Management | Essential |
| Blocking through Access Statistics Analysis | Recommended |
Dynamic Analysis
| Category | Policy Name | Importance |
|---|---|---|
| General | Blocking Overseas Access | Recommended |
| Behavior Analysis | If excessive URL requests occur from a single user within 1 second | Recommended |
| If excessive URL requests occur from a single user within 1 minute | Recommended | |
| If excessive URL requests occur from a single user within 1 day | Recommended | |
| Excessive requests for specific URLs | Recommended | |
| URL call counts repeat the same pattern every minute | Essential | |
| Multiple personal IDs issued from a single IP | Recommended | |
| A single personal ID accessed from multiple IPs | Essential | |
| Repeated direct access to specific URLs | Essential | |
| Specific actions occurring at an abnormal speed | Essential | |
| Access to specific URLs outside set times | Recommended |
Macro Detection Policies
MBUSTER's macro detection policies are broadly classified into two categories:
- Static Analysis: Techniques for determining the presence of macros at the entry point of MBUSTER API 🔎 Learn more about static analysis policies
- Dynamic Analysis: Analyzing user logs based on dynamic behavior analysis ruleset 🔎 Learn more about dynamic analysis policies