Examples of Flow Alerts

Use Case #1 - Possible Port Scanning

User computers are generating too many SYN connections per minute, which may be a sign of port scanning in progress.
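The following sketch shows the kind of threshold check this alert describes. It is an added example, not UNUM or Skedler configuration. The flow field names (`ts`, `src`, `dst`, `dport`, `state`), the 60-second window, the threshold and the sample records are all assumptions. It also counts distinct targets per source, which helps separate a scan (many ports) from the node-failure pattern in Use Case #2 (many retries to one port).

```python
from collections import Counter, defaultdict

# Constructed sample flow records (not real UNUM output); ts is in seconds.
FLOWS = (
    # A client probing 12 different ports on one server within a minute.
    [{"ts": i * 4, "src": "10.0.0.5", "dst": "192.0.2.10",
      "dport": 20 + i, "state": "SYN"} for i in range(12)]
    # A cluster node retrying an unresponsive peer on one (made-up) port.
    + [{"ts": i * 3, "src": "10.0.1.1", "dst": "10.0.1.2",
        "dport": 7000, "state": "SYN"} for i in range(15)]
    # Normal traffic: established flows and a couple of SYNs.
    + [{"ts": 5, "src": "10.0.0.7", "dst": "192.0.2.20",
        "dport": 443, "state": "EST"} for _ in range(3)]
    + [{"ts": 10 + i, "src": "10.0.0.7", "dst": "192.0.2.20",
        "dport": 443, "state": "SYN"} for i in range(2)]
    # The first client again in the next minute, below the threshold.
    + [{"ts": 61 + i, "src": "10.0.0.5", "dst": "192.0.2.10",
        "dport": 80, "state": "SYN"} for i in range(2)]
)


def syn_alerts(flows, threshold, window=60):
    """Return sorted (window_start, src, syn_count, distinct_targets) tuples
    for every source whose SYN-state flow count in a window exceeds threshold."""
    counts = Counter()
    targets = defaultdict(set)
    for f in flows:
        if f["state"] != "SYN":
            continue
        bucket = f["ts"] - f["ts"] % window   # start of the fixed window
        key = (bucket, f["src"])
        counts[key] += 1
        targets[key].add((f["dst"], f["dport"]))
    return sorted((b, s, n, len(targets[(b, s)]))
                  for (b, s), n in counts.items() if n > threshold)


if __name__ == "__main__":
    for start, src, n, distinct in syn_alerts(FLOWS, threshold=10):
        kind = "possible port scan" if distinct > 1 else "repeated SYN to one service"
        print(f"window {start}s: {src} sent {n} SYNs to {distinct} target(s): {kind}")
```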

Use Case #2 - Possible Cluster Node Failure

When the active nodes in a cluster attempt to connect to an unresponsive node, UNUM Insight Analytics Flow records an excessive number of connections in SYN state for the cluster housekeeping protocol.

Use Case #3 - Unauthorized Access Attempt of a Secure Server

The administrator wants to be notified of any unauthorized attempt to access a restricted application on a server.

Use Case #4 - Too Many Open Connections to an Application Server

Alert when established connections to an application server pass a threshold over a given time. Too many open connections may impact the server performance and user experience.

Use Case #5 - DDOS Attack Warning

Alert when the total number of connections, in any state, to a specific network service (as defined by the TCP port “domain”) passes a threshold over a given time.

Use Case #6 - Alert when a lost or stolen device comes online

The alert is based on the MAC address of the lost/stolen device.

UNUM Switch Analytics Alerts Sample Use Cases are based on Skedler Alerts.

For additional information on the use and configuration of Alerts Sample Use Cases, refer to: Skedler Alerts Sample Use Cases.