After connecting to the Addy service for anomaly detection, you can find anomalies by
time interval, by protocol, or by your applications and devices. Anomalies are sorted by
their start time. The most recent anomaly is listed first.
Each anomaly provides high-level information about the type of unusual behavior that
occurred, when the behavior occurred, and the source of the behavior. For more
information, see Interpret anomalies
and Navigating anomaly detection.
The following steps show you how to find and filter anomalies:
-
Log into the Web UI on the Discover or Command appliance, click
Alerts at the top of the page, and then click
Anomalies in the left pane.
A list of anomalies for the current time interval appears. If the list
is empty, then the Addy service has not detected anomalies for the selected time
interval.
-
Filter anomalies by selecting the following options:
| Option |
Description |
|---|
| Change the time interval |
View anomalies from a different time period. To see active, ongoing
anomalies in your environment, change the time interval to
Last 30 minutes. |
| Click Any Protocol |
Select one or more protocols from the drop-down list to filter
anomalies by protocol. Then, click anywhere outside of the drop-down
list to display the list of filtered anomalies. You can select more than
one protocol. |
| Click Any Source Type |
Select an Application or
Device from the drop-down list to filter
anomalies by source. |
| Click Any Source Appliance |
(Command appliance only) Select the name of the Discover appliance
to view anomalies for applications and devices on that
appliance. |
Thank you for your feedback. Can we contact you to ask follow up questions?