Network traffic analysis on anomalous incidents

Hello, I configured an alarm to monitor possible DDoS attacks. For example, when traffic on a device increased 200% in a short time interval.

In this example I'm using netflow on router.

Is it correct?

[Attachments: flow.PNG, alarm.PNG]

2 Replies
paul.k
Level 10

Re: Network traffic analysis on anomalous incidents

This will yield a lot of false positives.

I would consider doing this as a correlation rule if you have an ACE, and use the deviation factor.

Regards,

Re: Network traffic analysis on anomalous incidents

As Paul_k mentions, this will raise a lot of false alarms, and you should look at correlations.

Perhaps you can define specific sources and destinations, ports, or other measures.

You might be able to get help from your network team, looking at some availability stats and such.
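To illustrate the point both replies make, here is an added example (not code from the thread, McAfee ESM, or ACE): the poster's fixed "+200% per interval" rule beside a deviation-factor rule, run over constructed per-interval NetFlow byte totals. The sample data, the 5-interval baseline window, the factor of 3 and the 5% sigma floor are all assumptions chosen for the demonstration.

```python
"""Added example (not from the thread): compare a fixed "+200% in one
interval" rule against a deviation-factor rule on constructed NetFlow
byte totals, to show why the former produces false alarms."""
import statistics

# Constructed per-5-minute byte totals for one router interface (not real
# data). Interval 5 is a quiet lull, interval 6 the recovery from it, and
# interval 11 a sustained surge that a DDoS alarm should catch.
FLOW_BYTES = [
    2_000_000, 2_100_000, 1_900_000, 2_200_000, 2_050_000,
    700_000, 2_300_000, 2_150_000, 2_000_000, 2_250_000,
    2_100_000, 9_500_000,
]


def percent_increase_alerts(samples, pct=200):
    """Poster's rule: alert when an interval is at least pct% above the
    previous one. Any dip followed by a return to normal trips it."""
    alerts = []
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1], samples[i]
        if prev > 0 and cur >= prev * (1 + pct / 100):
            alerts.append(i)
    return alerts


def deviation_alerts(samples, window=5, factor=3.0):
    """Deviation-factor rule: compare each interval with the mean of the
    preceding `window` intervals and alert only when it exceeds that mean
    by more than `factor` standard deviations. One-sided, since drops are
    not DDoS signals. Run one series per scoped key (e.g. per destination
    host or port, as the second reply suggests) to sharpen it further."""
    alerts = []
    for i in range(window, len(samples)):
        baseline = samples[i - window:i]
        mean = statistics.mean(baseline)
        # Floor sigma at 5% of the mean so a flat baseline cannot divide
        # by zero or turn trivial jitter into an alert (assumed value).
        sigma = max(statistics.stdev(baseline), 0.05 * mean)
        if (samples[i] - mean) / sigma > factor:
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    print("percent rule fires at intervals:", percent_increase_alerts(FLOW_BYTES))
    print("deviation rule fires at intervals:", deviation_alerts(FLOW_BYTES))
```

On this data the percentage rule fires twice (the recovery at interval 6 and the real surge at 11), while the deviation rule fires only on the surge.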
