Ciyaresh91
Copper Contributor
Dec 21, 2023

How do you investigate network anomaly related alerts?

Hello everyone.

Using some of the built-in analytical rules such as "Anomaly was observed with IPv6-ICMP Traffic", when you go into the incident event details, it's just some numbers of the expected baseline vs actual value. What do you do with this?

Similar case with the following rules:

Anomaly found in Network Session Traffic (ASIM Network Session schema)

Anomaly was observed with ESP Traffic

Anomaly was observed with Outbound Traffic

Anomaly was observed with Unassigned Traffic

  • Shonen
    Copper Contributor

    Hi,

    I have the same question. Did you get some info about it?
