Potential Use Cases for UNUM Switch Analytics Alerts
Use Case #1 - Possible Port Scanning
User computers are generating too many SYN connections per minute, which may be a sign of port scanning in progress.
Use Case #2 - Possible Cluster Node Failure
When the active nodes in a cluster attempt to connect to an unresponsive node, UNUM Insight Analytics Flow records an excessive number of connections in SYN state for the cluster housekeeping protocol.
Use Case #3 - Unauthorized Access Attempt of a Secure Server
The administrator wants to be notified of any unauthorized attempt to access a restricted application on a server.
Use Case #4 - Too Many Open Connections to an Application Server
Alert when established connections to an application server pass a threshold over a given time. Too many open connections may impact server performance and user experience.
Use Case #5 - DDoS Attack Warning
Alert when the total number of connections in any state to a specific network service (as defined by the TCP port “domain”) passes a threshold over a given time.
Use Case #6 - Alert when a lost or stolen device comes online
The alert is based on the MAC address of the lost or stolen device.
UNUM Switch Analytics Alerts Sample Use Cases are based on Skedler Alerts.
Additional information on the use and configuration of Alerts Sample Use Cases can be found at: Skedler Alerts Sample Use Cases.
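Use Cases #1, #4 and #5 share one rule shape: count flows in given connection states per group and alert when the count passes a threshold within a time window. The sketch below is an added example, not UNUM or Skedler code; the record field names, state labels, thresholds and sample flows are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records. The field names (ts, src_ip, dst_ip,
# dst_port, state) are hypothetical, not the UNUM or Skedler schema.
def _flow(ts, src, dst, port, state):
    return {"ts": ts, "src_ip": src, "dst_ip": dst, "dst_port": port, "state": state}

FLOWS = (
    # One client leaving 40 SYN-state flows on 40 ports, across a minute boundary.
    [_flow(30 + p, "10.0.0.23", "10.0.1.5", 1000 + p, "syn") for p in range(40)]
    # One ordinary client: six established flows and two SYNs to a web server.
    + [_flow(10 + i, "10.0.0.40", "10.0.1.9", 443, "est") for i in range(6)]
    + [_flow(16 + i, "10.0.0.40", "10.0.1.9", 443, "syn") for i in range(2)]
)

def threshold_alerts(flows, key, states, threshold, window=60):
    """Return {group: peak count} for groups whose flow count within any
    sliding `window` seconds exceeds `threshold`. `states=None` counts all."""
    recent = defaultdict(deque)
    alerts = {}
    for f in sorted(flows, key=lambda f: f["ts"]):
        if states is not None and f["state"] not in states:
            continue
        group = tuple(f[k] for k in key)
        q = recent[group]
        q.append(f["ts"])
        while q[0] <= f["ts"] - window:   # drop flows older than the window
            q.popleft()
        if len(q) > threshold:
            alerts[group] = max(alerts.get(group, 0), len(q))
    return alerts

def syn_per_source(flows, threshold):          # Use Case #1
    return threshold_alerts(flows, ("src_ip",), {"syn"}, threshold)

def established_per_server(flows, threshold):  # Use Case #4
    return threshold_alerts(flows, ("dst_ip", "dst_port"), {"est"}, threshold)

def any_state_per_service(flows, threshold):   # Use Case #5
    return threshold_alerts(flows, ("dst_port",), None, threshold)

if __name__ == "__main__":
    print(syn_per_source(FLOWS, 30))
    print(established_per_server(FLOWS, 5))
    print(any_state_per_service(FLOWS, 7))
```

The sliding window matters for Use Case #1: the sample burst straddles a minute boundary, so fixed one-minute buckets would split it into 30 and 10 flows and a threshold of 30 would never fire.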