Creating An Anomaly Sentry - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual

Managing Sentries

Creating an Anomaly Sentry
An anomaly sentry monitors your deployment for any abnormal activity. This sentry generates an alert in one of the following situations:
- If a consistently inactive object becomes active.
- If a consistently active object becomes inactive.
- If an object that is consistently active a certain percentage of the time experiences a change in activity.
For example, if you configure an Anomaly sentry with the following values:
- Large Window: 1 Day
- Small Window: 1 Hour
- Percent change required to alert: 50
- Condition for alert: 25% + 12.5% = 37.5%
If the SSH server is typically used for 15 minutes out of every hour (25% of the time) and the server becomes active for more than 22.5 minutes in an hour (37.5% of the time), an alert is generated.
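The three alert situations and the SSH numbers above, worked through as an added sketch (not code from the STRM manual or product). It assumes per-minute activity samples, a baseline taken from the large window immediately preceding the small window, "consistently inactive" meaning no activity anywhere in the large window, and that a drop of the same size alerts like a rise; all names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AnomalySentry:
    large_window: int      # baseline length in minutes (1 Day = 1440)
    small_window: int      # judged window in minutes (1 Hour = 60)
    percent_change: float  # "Percent change required to alert"

    def alert_bounds(self, baseline):
        """Activity fractions outside (low, high) trigger the percent-change alert."""
        delta = baseline * self.percent_change / 100
        return baseline - delta, baseline + delta

    def evaluate(self, samples):
        """samples: per-minute flags (1 = active), oldest first.
        Returns the alert reason, or None when activity is normal."""
        need = self.large_window + self.small_window
        if len(samples) < need:
            raise ValueError(f"need {need} samples, got {len(samples)}")
        recent = samples[-self.small_window:]
        history = samples[-need:-self.small_window]
        baseline = sum(history) / len(history)  # typical share of time active
        current = sum(recent) / len(recent)     # share of time active right now
        if baseline == 0:  # assumption: "consistently inactive" = never active
            return "inactive object became active" if current > 0 else None
        if current == 0:
            return "active object became inactive"
        low, high = self.alert_bounds(baseline)
        # Assumption: a drop below `low` alerts the same way as a rise above `high`.
        if current > high or current < low:
            return "activity changed beyond threshold"
        return None

# Constructed sample data: SSH server active 15 minutes of every hour for a day.
def hour(active_minutes):
    return [1] * active_minutes + [0] * (60 - active_minutes)

DAY = hour(15) * 24
SENTRY = AnomalySentry(large_window=1440, small_window=60, percent_change=50)

if __name__ == "__main__":
    for minutes in (15, 22, 23, 7, 0):
        print(minutes, "min active ->", SENTRY.evaluate(DAY + hour(minutes)))
    print("quiet host ->", SENTRY.evaluate([0] * 1440 + hour(1)))
```

With whole-minute samples the upper threshold of 22.5 minutes is first crossed at 23 active minutes in the hour.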
To create an anomaly sentry:

Step 1  Click the Network Surveillance tab.
        The Network Surveillance interface appears.
Step 2  Navigate to the view to which you want the sentry to apply.
        For information on navigating views, see Activity.
        Note: You cannot create a sentry in the ByNets view. You must navigate to a non-related view to create a sentry.
Step 3  Below the graph, click Add Sentry.
        The Add Sentry Wizard appears.

STRM Users Guide
Chapter 3 Managing Your Network
