User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
period. Custom Period selection will display _ Days, _ Hours, _ 
Mins fields beside the selection list.  
b.  The Anomaly Alert Profile type can be selected when you would like to be 
notified of any abnormal behavior or traffic anomalies. Anomaly reports 
can be used for Network Behavioral Analysis (NBA). 
i.  Select Device(s) for which the alert needs to be triggered by 
selecting the Select All check box or selecting the check boxes of 
required devices.  
ii.  Select the type of anomaly alert report (Anomaly Report Type) 
you would like to receive. The report types could be Traffic Report, 
Attack Report, Virus Report, VPN Report, URL Report, Rule Report, 
or Event Report. 
iii.  Filters: 
Each of the above report types provides a set of filters which can be 
configured as per the nature of the alert you would like to receive. 
iv.  Threshold: 
Based on the anomaly report type and corresponding filter you 
have chosen, the threshold criteria for the alert to be triggered can 
be set here.  
v.  Select the owner for the alert from the Assign Owner: combo box. 
The combo box lists all the available users in the Firewall Analyzer. 
vi.  Notification: 
Select the appropriate radio button in the Send the below 
notifications on every 1st 2nd 3rd 4th 5th occurrence option. 
Select the check box Send the notifications once and do not 
send for <This Day, This Week, This Month, Custom Period>, 
to send only one alert notification for the selected period, 
irrespective of the number of alerts generated during the selected 
period. Custom Period selection will display _ Days, _ Hours, _ 
Mins fields beside the selection list.  
Anomaly Sample Scenario:  
In a period of 1 hour, if traffic from source 192.168.1.1 exceeds 100 MB, 
create a High Priority Alert and send me an email notification on every 5th 
occurrence. Also, once in 15 minutes, check whether the traffic has 
exceeded 100 MB. 
You can achieve the above scenario using the Anomaly Filters.  
Steps: 
7.  Filters section: 
Give Source is 192.168.1.1 
8.  Threshold section: 
In a period of 1 Hour, If Total Traffic exceeds 100 MB, create an 
Alert with Priority as High. Check for every 15 Mins. Select the owner 
for the alert <Admin> from the Assign Owner for the Alert: 
combo box. 
9.  Select the Send E-Mail notification check box and select 5th 
occurrence. Provide valid email ids in the Mail To box. 
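The sample scenario can be replayed offline to see which checks would raise an alert and which would send mail. The following is an added illustration, not Firewall Analyzer code or its actual evaluation logic. It assumes a sliding 1-hour window evaluated at each 15-minute check, an occurrence counter that never resets, mail on every 5th alert (5th, 10th, ...), 1 MB = 2**20 bytes, and constructed traffic records.

```python
from datetime import datetime, timedelta

MB = 1024 * 1024  # assumption: 1 MB = 2**20 bytes

def evaluate(records, source, start, end, window=timedelta(hours=1),
             check_every=timedelta(minutes=15), threshold=100 * MB, notify_every=5):
    """Replay (timestamp, source_ip, bytes) records against the sample scenario.

    Returns (alerts, notifications): alerts is a list of (check_time, window_bytes)
    for each check that exceeded the threshold; notifications lists the check
    times at which an e-mail would go out (every notify_every-th alert).
    """
    alerts, notifications = [], []
    check = start
    while check <= end:
        # Filter: only the chosen source. Threshold: bytes seen in the last `window`.
        total = sum(size for ts, src, size in records
                    if src == source and check - window < ts <= check)
        if total > threshold:
            alerts.append((check, total))
            if len(alerts) % notify_every == 0:
                notifications.append(check)
        check += check_every
    return alerts, notifications

# Constructed sample data: 192.168.1.1 sends 30 MB every 15 minutes from 09:05
# to 11:05; a second host sends one large burst that the Source filter must ignore.
DAY = datetime(2024, 1, 1)
RECORDS = [(DAY + timedelta(hours=9, minutes=5 + 15 * k), "192.168.1.1", 30 * MB)
           for k in range(9)]
RECORDS.append((DAY + timedelta(hours=9, minutes=10), "192.168.1.2", 500 * MB))

def run_sample():
    """Run the scenario over the constructed records, checking 09:15 to 11:30."""
    return evaluate(RECORDS, "192.168.1.1",
                    start=DAY + timedelta(hours=9, minutes=15),
                    end=DAY + timedelta(hours=11, minutes=30))

if __name__ == "__main__":
    alerts, notifications = run_sample()
    for when, total in alerts:
        flag = "  <- e-mail sent" if when in notifications else ""
        print(f"{when:%H:%M} High priority alert: {total // MB} MB in last hour{flag}")
```

With these records the threshold is first crossed at the 10:00 check, and the single e-mail goes out at 11:00, an hour after the anomaly began; choosing a lower occurrence number shortens that delay at the cost of more mail.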