Detecting Anomalies

Once the configured Anomaly Definition is assigned to the Node Policy you want to apply, any anomaly is detected almost immediately by either a Network Sensor or an Agent. You can view the results in several ways:

  • Find the Anomaly column in Node Management.
  • Edit the Node View to use the Anomaly View.
  • Trace the Anomaly Logs.
  • Glance at the Dashboard Widget for the Anomaly tab.
  • Filter using Status & Filters.

Furthermore, you can be notified about any pre-defined anomalies that are detected.

To notify a user about detected anomalies, see: Sending Events

Assign Pre-Configured Anomaly Definitions to existing Node Policy

By default, Node Policies do not detect anomalies. To create anomaly definitions, see: Creating Anomaly Definition

To add Anomaly Definitions to a Node Policy and actively detect anomalies:

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy in the left Policy panel.
  3. Find and click on [Policy Name] in the main Node Policy window.
  4. Find the Anomaly section and click Assign.
  5. Select the Anomaly from the Available column and move it to the Selected column.
  6. Click Add.
  7. Click Update.

See Detected Anomalies

Detected Anomalies can be viewed by the following methods:

Anomaly Column in Node Management

  1. Go to Management > Node in the top panel.
  2. Find the Anomaly column and look for an icon. (You might be able to see its details by clicking on the displayed icon.)

Anomaly View in Node Management

  1. Go to Management > Node in the top panel.
  2. Find the Menu button (3 dots and lines) located next to the Tasks button and click it.
  3. Find Views and select Anomaly View.
  4. The Threat Detected and Threat Definition columns will appear. (Columns may be configured by clicking Edit Columns.)

Anomaly Logs

  1. Go to Log > Log in the top panel.
  2. Go to Logs > Anomaly Logs in the left Log panel.

Anomaly Tab in Dashboard

  1. Go to Dashboard in the top panel.
  2. Go to Anomaly tab.

Status & Filters

  1. Go to Management > Node in the top panel.
  2. Go to Status & Filters > Anomaly Detection or Node with Anomaly in the bottom left panel.

Clear Anomaly Detection Records

  1. Go to Management > Node in the top panel.
  2. Find the desired Nodes and select their checkboxes.
  3. Click Tasks > Node and Device > Clear Anomaly Records.
  4. Click OK.