Firewall drift monitoring and detection

US12149504B2 · US · B2

Patent metadata

Publication number: US-12149504-B2
Application number: US-202318399786-A
Country: US
Kind code: B2
Filing date: Dec 29, 2023
Priority date: Nov 19, 2021
Publication date: Nov 19, 2024
Grant date: Nov 19, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present application relates to embodiments for detecting firewall drift. In some embodiments, a first set of firewall rules of a first firewall for a first instance of a distributed application, a second set of firewall rules of a second firewall for a second instance of the distributed application, and a mapping of IP addresses to identifiers of services from amongst a first set of services of the first instance and a second set of services of the second instance may be obtained. First connectivity data and second connectivity data may be generated indicating, for each IP address associated with the first and second sets of firewall rules, a respective port number over which communications with the respective IP address are transmitted, and comparison data may be generated indicating whether firewall drift is detected based on a comparison of the first connectivity data and the second connectivity data.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable medium storing computer program instructions that, when executed by a computer system, effectuate operations comprising: obtaining, with a computing system, a first set of firewall rules of a first firewall for a first instance of a distributed application, the first set of firewall rules specifying whether respective pairs of network sockets of a first set of network sockets are authorized to communicate with one another via network traffic, the first instance of the distributed application comprising a first set of instances of a plurality of processes executing on a first plurality of computers, and wherein each network socket of the first set of network sockets comprises an IP address and a port number of a port specifying one of the first set of instances associated with the network traffic; obtaining, with the computer system, a second set of firewall rules of a second firewall for a second instance of the distributed application, the second set of firewall rules specifying whether respective pairs of network sockets of a second set of network sockets are authorized to communicate with one another via network traffic, the second instance of the distributed application comprising a second set of instances of the plurality of processes executing on a second plurality of computers, and wherein each network socket of the second set of network sockets comprises an IP address and a port number of a port specifying one of the second set of instances associated with the network traffic; obtaining, with the computer system, a mapping of a plurality of network sockets from amongst the first set of network sockets and the second set of network sockets to identifiers of processes among the plurality of processes, the mapping indicating which processes of the plurality of processes have respective instances from amongst the first set of instances and the second set of instances bound to which network sockets of the plurality of network sockets; determining, with the computer system, based on the mapping, whether the first set of firewall rules prohibit different processes from the plurality of processes from communicating with one another than the second set of firewall rules, the determination comprising: translating network sockets included within the first set of firewall rules and the second set of firewall rules into identifiers of processes from the plurality of processes to obtain a translated first set of rules and a translated second set of rules; and comparing the translated first set of rules and the translated second set of rules; and using the translated first set of firewall rules or the translated second set of firewall rules to determine whether the first set of firewall rules prohibit different programs from communicating with one another than the second set of firewall rules; and storing, with the computer system, a result of the determination in memory.

2. The non-transitory computer-readable medium of claim 1, wherein the operations further comprise: generating, with the computing system, the mapping of the plurality of network sockets to the identifiers of the processes from among the plurality of processes prior to the first set of firewall rules and the second set of firewall rules being obtained.

3. The non-transitory computer-readable medium of claim 2, wherein generating comprises: scanning, with the computing system, the first firewall to extract a first list of IP addresses that are permitted to send, receive, or send and receive network traffic for one or more of the first plurality of computers; scanning, with the computing system, the second firewall to extract a second list of IP addresses that are permitted to send, receive, or send and receive network traffic for one or more of the second plurality of computers; obtaining, with the computing system, data indicating which instances of the first set of instances and the second set of instances have been accessed by IP addresses included in the first list of IP addresses and the second list of IP addresses; and generating, with the computing system, based on the data, a data structure comprising the first list of IP addresses and the second list of IP addresses and a given instance of the first set of instances and the second set of instances linked to a respective IP address from the first list of IP addresses and the second list of IP addresses, wherein the data structure comprises the mapping.

4. The non-transitory computer-readable medium of claim 1, wherein the mapping is updated in response to a predetermined amount of time elapsing.

5. The non-transitory computer-readable medium of claim 1, wherein the mapping is updated based on an HTTP request submitted by a first computer from the first plurality of computers or the second plurality of computers.

6. The non-transitory computer-readable medium of claim 5, wherein the operations comprise: updating, with the computing system, the mapping of the plurality of network sockets to the identifiers of processes among the plurality of processes, wherein updating comprises: receiving the HTTP request from the first computer; and extracting, from the HTTP request, a source IP address of the first computer, a destination IP address for the HTTP request, and a port number of a port over which data associated with the HTTP request is to be communicated, wherein the destination IP address corresponding to a second computer from the first plurality of computers and the second plurality of computers, the first set of firewall rules being obtained based on the first plurality of computers including the first computer, and the second set of firewall rules being obtained based on the second plurality of computers including the second computer.

7. The non-transitory computer-readable medium of claim 1, wherein translating network sockets comprises: selecting, with the computing system, a first firewall rule from the first set of firewall rules; extracting, with the computing system, from the first firewall rule, a first source IP address, a first destination IP address, and a first port number; determining, with the computing system, based on the mapping, that at least one instance of the first set of instances of the plurality of processes of the first instance of the distributed application is accessed by at least one of the first source IP address or the first destination IP address; generating, with the computing system, a first translated rule comprising the at least one instance of the first set of instances of the plurality of processes of the first instance of the distributed application and the first port number extracted from the first firewall rule, wherein the selecting, extracting, determining, and generating are repeated for each firewall rule in the first set of firewall rules to obtain the translated first set of rules; selecting, with the computing system, a second firewall rule from the second set of firewall rules; extracting, with the computing system, from the second firewall rule, a second source IP address, a second destination IP address, and a second port number; determining, with the computing system, based on the mapping, that at least one instance of the second set of instances of the plurality of processes of the second instance of the distributed application is accessed by at least one of the second source IP address or the second destination IP address; and generating, with the computing system, a second translated rule comprising the at least one instance of the second set of instances of the plurality of processes of the second instance of the distributed application and the second port number extracted from the second firewall rule, wh
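The translate-then-compare step that claims 1 and 7 describe is easier to follow in code. The block below is an added example written for this page; it is not the patent's or the assignee's implementation. It assumes a rule is a (source IP, destination IP, port, action) tuple, that the mapping is keyed by IP address as the abstract describes, and that the two environments use disjoint address ranges; the addresses, process names and rules are constructed sample data. The comparison is done at the process level so that two instances with entirely different IP ranges are only reported as drifted when a process-to-process permission actually differs, and rules that reference an address the mapping does not know are surfaced rather than dropped.

```python
"""Hypothetical firewall-drift check: translate socket-level rules into
process-level rules via an IP-to-process mapping, then compare the two
translated rule sets. Example code for this page, not the patent's own."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


@dataclass(frozen=True)
class FirewallRule:
    """One rule as extracted from a firewall: who may talk to whom on which port."""
    src_ip: str
    dst_ip: str
    port: int
    action: str  # "allow" or "deny"


class TranslatedRule(NamedTuple):
    """The same rule with both IP addresses replaced by process identifiers."""
    src_process: str
    dst_process: str
    port: int
    action: str


def translate_rules(
    rules: Iterable[FirewallRule], ip_to_process: Dict[str, str]
) -> Tuple[Set[TranslatedRule], List[FirewallRule]]:
    """Translate socket-level rules into process-level rules using the mapping.

    Returns (translated rules, rules referencing an IP absent from the mapping).
    Unmapped rules are returned for review rather than silently discarded: a
    rule that cannot be attributed to any known process is itself a finding.
    """
    translated: Set[TranslatedRule] = set()
    unmapped: List[FirewallRule] = []
    for rule in rules:
        src = ip_to_process.get(rule.src_ip)
        dst = ip_to_process.get(rule.dst_ip)
        if src is None or dst is None:
            unmapped.append(rule)
            continue
        translated.add(TranslatedRule(src, dst, rule.port, rule.action))
    return translated, unmapped


def detect_drift(first_rules, second_rules, ip_to_process: Dict[str, str]) -> dict:
    """Compare two instances' rule sets at the process level.

    Drift is any process-level rule present in one instance but not the other;
    the symmetric difference lists exactly which permissions diverged.
    """
    first, first_unmapped = translate_rules(first_rules, ip_to_process)
    second, second_unmapped = translate_rules(second_rules, ip_to_process)
    return {
        "drift_detected": first != second,
        "only_in_first": sorted(first - second),
        "only_in_second": sorted(second - first),
        "unmapped_first": first_unmapped,
        "unmapped_second": second_unmapped,
    }


def raw_rule_difference(first_rules, second_rules) -> int:
    """Naive socket-level comparison, for contrast: because the two instances
    use different address ranges, every rule looks different at this level."""
    return len(set(first_rules) ^ set(second_rules))


# Constructed sample data: one three-process application (web, api, db)
# deployed twice, in 10.1.0.0/24 and 10.2.0.0/24 (hypothetical addresses).
IP_TO_PROCESS = {
    "10.1.0.10": "web", "10.1.0.20": "api", "10.1.0.30": "db",
    "10.2.0.10": "web", "10.2.0.20": "api", "10.2.0.30": "db",
}
FIRST_RULES = [
    FirewallRule("10.1.0.10", "10.1.0.20", 8443, "allow"),
    FirewallRule("10.1.0.20", "10.1.0.30", 5432, "allow"),
    FirewallRule("10.1.0.10", "10.1.0.30", 5432, "deny"),
]
SECOND_RULES = [
    FirewallRule("10.2.0.10", "10.2.0.20", 8443, "allow"),
    FirewallRule("10.2.0.20", "10.2.0.30", 5432, "allow"),
    FirewallRule("10.2.0.10", "10.2.0.30", 5432, "allow"),  # web now reaches db directly
    FirewallRule("10.2.0.99", "10.2.0.30", 5432, "allow"),  # source not in the mapping
]

if __name__ == "__main__":
    report = detect_drift(FIRST_RULES, SECOND_RULES, IP_TO_PROCESS)
    print("drift detected:", report["drift_detected"])
    print("only in first: ", report["only_in_first"])
    print("only in second:", report["only_in_second"])
    print("unmapped rules in second:", report["unmapped_second"])
    print("socket-level rules that differ (naive):", raw_rule_difference(FIRST_RULES, SECOND_RULES))
```

On the sample data the naive socket-level comparison reports all seven rules as different, while the process-level comparison isolates the one real change (web to db on 5432 flipped from deny to allow) and separately flags the rule whose source address no process claims.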

Assignees

Bank Of New York Mellon

Inventors

Classifications

  • Filtering by address, protocol, port number or service, e.g. IP-address or URL

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Distributed architectures, e.g. distributed firewalls

  • Rule management

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12149504B2 cover?
The present application relates to embodiments for detecting firewall drift. In some embodiments, a first set of firewall rules of a first firewall for a first instance of a distributed application, a second set of firewall rules of a second firewall for a second instance of the distributed application, and a mapping of IP addresses to identifiers of services from amongst a first set of service…
Who is the assignee on this patent?
Bank Of New York Mellon
What technology area does this patent fall under?
Primary CPC classification H04L63/0236. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 19, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).