Unauthorized Service Request
============================

Genian |product_name| can detect an unauthorized service requested in a variety of ways.
The Network Sensor monitors the network traffic flow to check the access event
of ports. If an unwanted service is requested on any virtual IP addresses,
Genian |product_name| suspends the Unknown Service Request and designates the Node as a
critical one. In addition, if the service requests are more than the specified
value within a period of time, then designated as a critical Node.

Configure Settings for Unauthorized Service Request in Anomaly Definition
-------------------------------------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Anomaly Definition** in the left Policy
   panel.
#. Click **Unauthorized Service Request.**
#. Find **Anomaly Event** section to configure more options:

   - For **Event Duration**, optional setting to specify how long the
     unauthorized services are requested:
   - For **Number of Allowable Service Requests**, optional setting to specify
     the threshold to trigger the anomaly detection.
   - For **Attribute to Match**, optional setting to find a Node sending the
     excessive unauthorized service requests.

#. Click **Update.**

Create Node Group For Unauthorized Service Requested
----------------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Group > Node** in the left Policy panel.
#. Click on **Tasks > Create**
#. For **ID:** Unauthorized Service Requested.
#. For **Status:** Enabled.
#. For **Boolean Operator**  select **OR.**
#. Find and click on **Add** in **Condition** section.
#. For each **Anomaly** you want to add use the followings:

   - **Options:** Anomaly.
   - **Operator:** Detected is one of:
   - **Value:** Unauthorized Service Request.

#. Click **Add.**
#. Keep adding **Conditions** as needed.
#. Click **Save.**