LIke with syslogging/log analytics is what I had in mind. Middleware handles the filtering. System I used parsed logs to sql, and the web appliance ran the front end that talked to sql. That had all the nice filters, checkboxes, report builders and such to not get gritty with t-sql.
When you want to see it all with cisco, you see it all.
devices like ASA’s will tell you many things. They are verbose as hell really. Too verbose. if they could eat they’d tell you what they had for lunch, where they had it, that they felt it was too much/not enough salt, how much they paid for it and so on verbose. tl;dr… they broadcast noisy logs.
Remove expected linked behavior, or benign log traffic, and log reports get more manageable.
Not all token is added traffic. Some are now reformed 3rd party users taking the legal option now. Kind of like prohibition. the day it lifted people went back the bars. Some People who were in a speak easy the week prior even before ban lifted.
Blizzard can now go okay…let’s see why these other people just made 20K for no upfront reason. They don’t have a token on file. They have not reformed potentially.
How does the token impact your filtering/identification process in any way? It literally is an added variable that has to be eliminated from the potential gold shift that happened with the account. In your own example they have to figure out how a person gained 20k within some timespan, this means they would require log checks on each of the transactional changes of where gold was gained or removed through the period of time.
Honestly the biggest obstacle to your theory is data retention. Most companies that do not even deal with such detailed and high volume of transactional detail do not store this level of data across millions of users. It would be too much for a data warehouse to handle and support and we know Blizzard isnt going to spend that king of money. I bet they do not retain logs for very long and filter down the key variables and details to only what is critical incase of a backup/refresh of sorts. The bottomline is they have proven they arent interested in investing money to pursue and fix the situation, they installed token to benefit from it. Their only detection programs are high level and automated, they will not bother to invest or invent better.
Are they not better banning the sellers and bots… surely there is less of them than buyers. Although you dont really need gold in wrath to do all of the content so its silly either way