Efficient On-Device Binary Analysis for Auto-Generated Behavioral Models
US-2015356451-A1 · Dec 10, 2015 · US
US12438774B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12438774-B2 |
| Application number | US-202318142799-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 3, 2023 |
| Priority date | Dec 31, 2018 |
| Publication date | Oct 7, 2025 |
| Grant date | Oct 7, 2025 |
Official abstract text for this publication.
Techniques for enforcing policy on multiple levels are disclosed. A multi-level policy includes at least one policy at a low level of abstraction and at least one policy at a high level of abstraction. An Internet of Things (IoT) device is discovered on a network. The IoT device is classified. The set of multi-level policies is applied to the IoT device based on the classification of the IoT device.
Opening claim text (preview).
The invention claimed is:

1. A system comprising: a multi-level policy management engine configured to generate a multi-level policy for a network environment, wherein the multi-level policy includes a first policy at a low level of abstraction and a second policy at a high level of abstraction, and wherein the second policy at the high level of abstraction references an action to take if a particular activity is attempted by a device included in the network environment; an Internet Protocol (IP) endpoint discovery and classification engine configured to: discover, in the network environment, an Internet of Things (IoT) device which does not match at least one of the first or second policies, and classify the IoT device to make at least one of the first or second policies applicable to the IoT device, including by identifying that the IoT device does not have at least one of the first or second policies as an applicable policy, determining that the IoT device has violated at least one of the first or second policies, and in response, make the at least one of the first or second policies that has been violated applicable to the IoT device; and a multi-level policy compliance detection engine configured to apply a set of multi-level policies to the IoT device based on the classification of the IoT device.
2. The system of claim 1, wherein the multi-level policy compliance detection engine is further configured to detect a deviation, by the IoT device, from the applicable policy, and wherein the system further comprises a signal correlation engine configured to generate and send an alert to an administrator of the network environment.
3. The system of claim 1, wherein the first policy at the low level of abstraction is at least context-based, and includes one or more of background event context, identity-based context, and group-based context.
4. The system of claim 1, wherein the first policy at the low level of abstraction is at least packet-based, and is based at least in part on patterns in packets that match regular expressions of policy rules.
5. The system of claim 1, wherein the second policy at the high level of abstraction is at least event-based, and is based at least in part on converting patterns to fields of an event.
6. The system of claim 1, wherein the second policy at the high level of abstraction is one of at least activity-based or behavior based.
7. The system of claim 1, wherein an administrator of the network environment is permitted to modify the second policy at the high level of abstraction and the first policy at the low level of abstraction.
8. The system of claim 1, wherein the multi-level policy management engine is configured to permit an administrator of the network environment to modify the second policy at the high level of abstraction and prevent the administrator from modifying the first policy at the low level of abstraction.
9. The system of claim 1, wherein generating the multi-level policy is based at least in part on machine learning.
10. The system of claim 1, wherein classifying the IoT device is based at least in part on machine learning.
11. A method comprising: generating a multi-level policy for a network environment, wherein the multi-level policy includes a first policy at a low level of abstraction and a second policy at a high level of abstraction, and wherein the second policy at the high level of abstraction references an action to take if a particular activity is attempted by a device included in the network environment; discovering, in the network environment, an Internet of Things (IoT) device which does not match at least one of the first or second policies, and classifying the IoT device to make at least one of the first or second policies applicable to the IoT device, including by identifying that the IoT device does not have at least one of the first or second policies as an applicable policy, determining that the IoT device has violated at least one of the first or second policies, and in response, making the at least one of the first or second policies that has been violated applicable to the IoT device; and applying the set of multi-level policies to the IoT device based on the classification of the IoT device.
12. The method of claim 11, further comprising detecting a deviation, by the IoT device, from the applicable policy, and in response generating and sending an alert to an administrator of the network environment.
13. The method of claim 11, wherein the first policy at the low level of abstraction is at least context-based, and includes one or more of background event context, identity-based context, and group-based context.
14. The method of claim 11, wherein the first policy at the low level of abstraction is at least packet-based, and is based at least in part on patterns in packets that match regular expressions of policy rules.
15. The method of claim 11, wherein the second policy at the high level of abstraction is at least event-based, and is based at least in part on converting patterns to fields of an event.
16. The method of claim 11, wherein the second policy at the high level of abstraction is one of at least activity-based or behavior-based.
17. The method of claim 11, wherein an administrator of the network environment is permitted to modify the second policy at the high level of abstraction and the first policy at the low level of abstraction.
18. The method of claim 11, wherein an administrator of the network environment is permitted to modify the second policy at the high level of abstraction and is not permitted to modify the first policy at the low level of abstraction.
19. The method of claim 11, wherein generating the multi-level policy is based at least in part on machine learning.
20. The method of claim 11, wherein classifying the IoT device is based at least in part on machine learning.
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
Policy-based network configuration management · CPC title
Grouping of entities · CPC title
comprising specially adapted graphical user interfaces [GUI] · CPC title
using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis · CPC title