Security policies

The optional NetProfiler security analytics module detects network security events by comparing current network behavior to mathematically-derived profiles of behavior that is typical for the current time of day and day of the week. more about security profiles

A network event that violates a security policy is dynamically assigned a severity based on the set of metrics and parameters used by the analytics that detected the event. The severity number (1 to 100) is checked against a user-definable set of alerting thresholds to determine if the NetProfiler should generate an alert.

Events that have a severity that exceeds a High, Medium, or Low alerting threshold are logged and trigger alert indications and notifications.

Overview of behavior analysis

Overview of security policies

Enabling event detection

Security policy alerting thresholds

Adding alerting thresholds to security policies

Notifications

Security event detection and alerting FAQs

Tuning security event detection analytics

Security profiles

Behavior analysis