Unauthorized Service Request
============================

Genian NAC can detect an unauthorized service requested in a variety of ways.
The Network Sensor monitors the network traffic flow to check the access event
of ports. If an unwanted service is requested on any virtual IP addresses,
Genian NAC suspends the Unknown Service Request and designates the Node as a
critical one. In addition, if the service requests are more than the specified
value within a period of time, then designated as a critical Node.

Configure Settings for Unauthorized Service Request in Anomaly Definition
-------------------------------------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Anomaly Definition** in the left Policy
   panel.
#. Click **Unauthorized Service Request.**
#. Find **Anomaly Event** section to configure more options:

   - For **Event Duration**, optional setting to specify how long the
     unauthorized services are requested:
   - For **Number of Allowable Service Requests**, optional setting to specify
     the threshold to trigger the anomaly detection.
   - For **Attribute to Match**, optional setting to find a Node sending the
     excessive unauthorized service requests.

#. Click **Update.**

Create Node Group For Unauthorized Service Requested
----------------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Group > Node** in the left Policy panel.
#. Click on **Tasks > Create**
#. For **ID:** Unauthorized Service Requested.
#. For **Status:** Enabled.
#. For **Boolean Operator**  select **OR.**
#. Find and click on **Add** in **Condition** section.
#. For each **Anomaly** you want to add use the followings:

   - **Options:** Anomaly.
   - **Operator:** Detected is one of:
   - **Value:** Unauthorized Service Request.

#. Click **Add.**
#. Keep adding **Conditions** as needed.
#. Click **Save.**