Network Anomaly Detection

Learn how to set up Network Anomaly Detection to detect anomalies in a device's network based on predefined IPs.

Overview

Network Anomaly Detection is a feature designed to detect anomalies in a device's network based on predefined IPs. This guide will walk you through setting up and configuring a network anomaly detection automation in the Senturo dashboard.

Steps to Set Up Network Anomaly Detection

1. Navigate to the Senturo Dashboard

  • Start by logging into your Senturo dashboard.

2. Add Automation Rules

  • Click on the "Add Automation" button.
  • On the "Rules" step, select "Network Anomaly Detection."

3. Select or Create a Policy

You have the option to select a saved policy or create a new one:

  • Select a Saved Policy: Choose from existing policies.
  • Create a New Policy: Click the '+' button. 
    • Enter a unique policy name for identification.

4. Upload Approved IP Ranges

  • Download CSV template: Download the provided CSV template and add your approved IP ranges.
  • Upload CSV File: Upload the CSV file containing the approved IP ranges. 

5. Save the Policy

  • Click on the "Save" button to save the policy and then select the policy to proceed with configuring the rest of the automation.
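A pre-upload check for the CSV from step 4, as an added example (not Senturo's code or its template format): it rejects malformed rows, flags ranges broad enough to defeat the allow-list, and models the alert condition as an address falling outside every approved range. The `ip_range` column name, the prefix-length thresholds and the sample rows are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample; the "ip_range" column name is an assumption, not Senturo's template.
SAMPLE_CSV = """ip_range
203.0.113.0/24
198.51.100.10
203.0.113.128/25
0.0.0.0/0
10.0.0.300/24
192.0.2.5/24
"""
# Assumed review thresholds: anything wider is flagged instead of approved.
MIN_PREFIX = {4: 8, 6: 32}

def load_ranges(text, column="ip_range"):
    """Parse CSV text into (approved_networks, problems)."""
    networks, problems = [], []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        raw = (row.get(column) or "").strip()
        if not raw:
            continue
        try:
            # strict=True rejects entries like 192.0.2.5/24 (host bits set)
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            problems.append((line_no, raw, f"invalid: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append((line_no, raw, "too broad"))
            continue
        parent = next((n for n in networks
                       if n.version == net.version and net.subnet_of(n)), None)
        if parent is not None:
            problems.append((line_no, raw, f"redundant: inside {parent}"))
            continue
        networks.append(net)
    return networks, problems

def is_anomalous(ip, networks):
    """True when ip lies outside every approved range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    approved, issues = load_ranges(SAMPLE_CSV)
    for line_no, raw, reason in issues:
        print(f"line {line_no}: {raw!r} -> {reason}")
```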

Conclusion

Setting up Network Anomaly Detection in Senturo is straightforward. It enhances the security of your devices by monitoring and alerting you to unusual activities.


FAQs

Q: How do I create a comprehensive policy for Network Anomaly Detection?
A: Start by defining your approved IP ranges. Use this information to trigger alerts and actions for deviations from these norms.

Q: Can I edit an existing policy?
A: Yes, you can edit existing policies by navigating to the "Network Anomaly Detection" section, selecting the policy, and making the necessary adjustments. This will also update any automation that is utilizing the policy.

Q: What types of anomalies will trigger alerts?
A: Alerts are triggered by deviations from the predefined IP addresses.