The number of logs directly associated with an anomalous activity incident may not accurately reflect the amount of activity to the IP Address, due to potential log filtering.
To see the comprehensive logging levels associated with an IP Address and the related anomalous Incident. A graphical representation is available by opening either the hyperlinked IP address in the incident or by going to reports tab and then to IP Addresses.
The red line gives the average number of logs over last 30 days.
Note: Anomalous incident will trigger when number of logs in last 24 hours to or from an IP address are greater than 30 day average + 4 Standard deviation of that particular IP address.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.