Examples of Flow Alerts


Use Case #1 - Possible Port Scanning


The user computers are generating too many SYN connections per minute, which may be a sign of a port scan in progress.


Use Case #2 - Possible Cluster Node Failure


When the active nodes in a cluster attempt to connect to an unresponsive node, UNUM Insight Analytics Flow records an excessive number of connections in SYN state for the cluster housekeeping protocol.


Use Case #3 - Unauthorized Access Attempt of a Secure Server


The administrator wants to be notified of any unauthorized attempt to access a restricted application on a server.


Use Case #4 - Too Many Open Connections to an Application Server


Alert when the number of established connections to an application server exceeds a threshold within a given time window. Too many open connections may degrade server performance and user experience.


Use Case #5 - DDoS Attack Warning


Alert when the total number of connections, in any state, to a specific network service (as identified by its TCP port, here “domain”) exceeds a threshold within a given time window.


Use Case #6 - Alert when a lost or stolen device comes online


The alert is based on the MAC address of the lost or stolen device.
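Five of the six conditions above have the same shape: count the flow records that match a predicate, grouped by some key, inside a time window, and alert when the count reaches a threshold; the sixth is a MAC-address watch list. The Python below is an added illustration written for this page and is not UNUM Insight Analytics or Skedler code. The flow record layout (ts, src_ip, src_mac, dst_ip, dst_port, state), the cluster housekeeping port 7000, the thresholds and all sample flows are constructed assumptions chosen to trigger each rule.

```python
"""Evaluate the six flow-alert use cases over constructed flow records.

Hypothetical example, not collector or Skedler code. Each record is a dict
with fields a flow collector typically exports; the field names, the port
numbers and the thresholds are assumptions for this illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed base timestamp


def make_flow(sec, src_ip, dst_ip, dst_port, state, src_mac="00:11:22:33:44:55"):
    """Build one constructed flow record `sec` seconds after T0."""
    return {"ts": T0 + timedelta(seconds=sec), "src_ip": src_ip, "src_mac": src_mac,
            "dst_ip": dst_ip, "dst_port": dst_port, "state": state}


# Constructed sample data: one burst per use case, all inside a single minute.
SAMPLE_FLOWS = (
    # use case 1: one host sends 25 SYN-state flows to consecutive ports in 25 s
    [make_flow(i, "10.0.0.5", "10.0.1.10", 1000 + i, "SYN") for i in range(25)]
    # use case 2: three cluster nodes retry an unresponsive peer on housekeeping port 7000
    + [make_flow(2 * i, node, "10.0.2.4", 7000, "SYN")
       for node in ("10.0.2.1", "10.0.2.2", "10.0.2.3") for i in range(8)]
    # use case 3: restricted app 10.0.3.1:8443, one allowed and one unauthorized source
    + [make_flow(5, "10.0.0.1", "10.0.3.1", 8443, "ESTABLISHED"),
       make_flow(6, "10.0.0.9", "10.0.3.1", 8443, "SYN")]
    # use case 4: 25 established sessions to application server 10.0.3.1:443 in 50 s
    + [make_flow(2 * i, f"10.0.5.{i + 1}", "10.0.3.1", 443, "ESTABLISHED") for i in range(25)]
    # use case 5: 40 flows of mixed state to the DNS ("domain") service on 10.0.4.1:53
    + [make_flow(i, f"10.0.6.{i + 1}", "10.0.4.1", 53, "SYN" if i % 2 else "ESTABLISHED")
       for i in range(40)]
    # use case 6: the lost laptop (watch-listed MAC) comes online and resolves a name
    + [make_flow(30, "10.0.0.77", "10.0.4.1", 53, "ESTABLISHED", src_mac="aa:bb:cc:dd:ee:ff")]
)


def count_in_window(flows, key_fn, predicate, window, threshold):
    """Generic threshold rule: group the flows matching `predicate` by `key_fn`
    and return {key: peak} for every key whose count inside some sliding
    `window` reaches `threshold`. Counts flow records, not unique peers."""
    times = defaultdict(list)
    for f in flows:
        if predicate(f):
            times[key_fn(f)].append(f["ts"])
    alerts = {}
    for key, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[key] = peak
    return alerts


def possible_port_scan(flows, threshold=20, window=timedelta(minutes=1)):
    """Use case 1: many SYN-state flows from one source per minute."""
    return count_in_window(flows, lambda f: f["src_ip"],
                           lambda f: f["state"] == "SYN", window, threshold)


def possible_node_failure(flows, housekeeping_port, threshold=20, window=timedelta(minutes=1)):
    """Use case 2: many SYN-state flows towards one node on the housekeeping port."""
    return count_in_window(flows, lambda f: f["dst_ip"],
                           lambda f: f["state"] == "SYN" and f["dst_port"] == housekeeping_port,
                           window, threshold)


def unauthorized_access(flows, server_ip, app_port, allowed_sources):
    """Use case 3: any flow to the restricted application from a source not on the allow list."""
    return sorted({f["src_ip"] for f in flows
                   if f["dst_ip"] == server_ip and f["dst_port"] == app_port
                   and f["src_ip"] not in allowed_sources})


def too_many_open_connections(flows, server_ip, threshold=20, window=timedelta(minutes=1)):
    """Use case 4: established flows to one application server above a threshold."""
    return count_in_window(flows, lambda f: f["dst_ip"],
                           lambda f: f["dst_ip"] == server_ip and f["state"] == "ESTABLISHED",
                           window, threshold)


def ddos_warning(flows, service_port=53, threshold=30, window=timedelta(minutes=1)):
    """Use case 5: flows in any state to one service port (53 = "domain") above a threshold."""
    return count_in_window(flows, lambda f: f["dst_port"],
                           lambda f: f["dst_port"] == service_port, window, threshold)


def lost_device_online(flows, watchlist_macs):
    """Use case 6: first sighting (timestamp, IP) of each watch-listed MAC address."""
    seen = {}
    for f in sorted(flows, key=lambda f: f["ts"]):
        if f["src_mac"] in watchlist_macs and f["src_mac"] not in seen:
            seen[f["src_mac"]] = (f["ts"], f["src_ip"])
    return seen


if __name__ == "__main__":
    print("port scan:", possible_port_scan(SAMPLE_FLOWS))
    print("node failure:", possible_node_failure(SAMPLE_FLOWS, 7000))
    print("unauthorized:", unauthorized_access(SAMPLE_FLOWS, "10.0.3.1", 8443, {"10.0.0.1"}))
    print("open connections:", too_many_open_connections(SAMPLE_FLOWS, "10.0.3.1"))
    print("ddos:", ddos_warning(SAMPLE_FLOWS))
    print("lost device:", lost_device_online(SAMPLE_FLOWS, {"aa:bb:cc:dd:ee:ff"}))
```

Two design points carry over to a real deployment: the window is a sliding one, so three retries 70 seconds apart never add up to an alert, and the rules count flow records rather than distinct peers or ports, so a scan rule in production would usually also require a spread of destination ports to cut false positives from a single busy client.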


UNUM Switch Analytics Alerts Sample Use Cases are based on Skedler Alerts.


For additional information on the use and configuration of Alerts Sample Use Cases, refer to Skedler Alerts Sample Use Cases.