How to enable Security Analytics?
Advanced Analytics Security Module (ASAM) is an add-on in NetFlow Analyzer. You can enable Security module from Settings.
- Navigate to Settings > NetFlow > Security Analytics
- Click on "Enable" to enable Security module
Note: Make sure you have purchased the license for Security module.
How to customize problem events?
- Navigate to Settings > NetFlow > Security Analytics
- Click on "Manage Problems"
- Select any problem type and select the sub-category for problem
- Disable unwanted problem names under that class
How to customize resources?
- Navigate to Settings > NetFlow > Security Analytics
- Click on "Manage Resource"
- Select RIP/IP/NET and select the resources
- Disable unwanted resources
- If you want to enable any particular resource, click on "Disable List" and follow the same procedure
How to customize ASAM algorithm ?
- Navigate to Settings > NetFlow > Security Analytics
- Click on "Manage Algorithm"
- Select any algorithm type and select its sub-category
- Disable unwanted categorization for problems under that class
How to customize the threshold for events?
ASAM has predefined the threshold for every problem class and its classification. It is possible to edit thresholds for each problem type from Settings.
- Settings > NetFlow > Attacks
- Click on "Threshold" to edit Threshold settings
- Click on any particular problems and edit the upper limit and lower threshold value
- Click on Advanced Settings for more changes
- Save
How to create an alert profile for ASAM?
You can generate alerts and get notified in case of any threshold violation for attacks.
- Settings > NetFlow >Security Analytics
- Click on "Alert Profiles" to edit / add a new alert notification
- Select Algorithm
- Next, provide Criteria
- Add the profile with name, retention period, notification details.
- Save
