Detecting Anomalies
===================

Once the configured **Anomaly Definition** is assigned to the **Node Policy**
you would like to apply, any anomaly will be almost immediately detected either
by a **Network Sensor** or by an **Agent**. You may see the results in a
variety of ways.

   - Find **Anomaly** column in **Node Management.**
   - Edit Node View for **Anomaly View.**
   - Trace **Anomaly Logs.**
   - Glance **Dashabord Widget** for **Anomaly** tab.
   - Filter **Status & Filters.**

Furthermore, you can be notified about any pre-defined anomalies that are
detected.

For notifying a user about the anomalies detected, see:
:doc:`/logs/sending-events`

Assign Pre-Configured Anomaly Definitions to existing Node Policy
-----------------------------------------------------------------

By default, Node Policies are not detecting anomalies. For creating anomaly
definitions see: :doc:`threat-definition`

To add Anomaly Definitions to a Node Policy and actively detect anomalies:

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy** in the left Policy panel.
#. Find and click on ** [Policy Name] ** in the main Node Policy window.
#. Find **Anomaly** section. Click **Assign.**
#. Select **Anomaly** from **Available** column, and move to **Selected**
   column.
#. Click **Add.**
#. Click **Update.**

See Detected Anomalies
----------------------

Detected Anomalies can be viewed by the following methods:

Anomaly Column in Node Management
'''''''''''''''''''''''''''''''''

#. Go to **Management > Node** in top panel.
#. Find **Anomaly** column and see an icon. (*You might be able to see its
   details by clicking on the icon displayed*)

Anomaly View in Node Management
'''''''''''''''''''''''''''''''

#. Go to **Management > Node** in top panel.
#. Find **Menu (3 dots and lines)** button that places next to Tasks button and
   click on that.
#. Find **Views** and select **Anomaly View.**
#. **Threat Detected** and **Threat Definition** columns will appear. (*A
   column may be configurable by clicking* **Edit Columns**)

Anomaly Logs
''''''''''''

#. Go to **Log > Log** in the top panel.
#. Go to **Logs > Anomaly Logs** in the left Log panel.

Anomaly Tab in Dashboard
''''''''''''''''''''''''

#. Go to **Dashboard** in the top panel.
#. Go to **Anomaly** tab.

Status & Filters
''''''''''''''''

#. Go to **Management > Node** in the top panel.
#. Go to **Status & Filters > Anomaly Detection** or **Node with Anomaly** in
   the bottom left panel.

Clear Anomaly Detection Records
-------------------------------

#. Go to **Management > Node** in top panel.
#. Find and click **Checkbox** of desired Nodes.
#. Click **Tasks > Node and Device > Clear Anomaly Records.**
#. Click **OK.**