Anomaly Detection

Anomaly Detection policies flag suspicious behavior in the network using OT Security's built-in detection of deviations from normal activity. The following anomaly detection policies are available:

  • Deviations from a network traffic baseline: You define a baseline of normal network traffic from the traffic map observed during a specified time range; OT Security then generates alerts for conversations that deviate from that baseline. You can update the baseline at any time. Because anything present in the baseline window is treated as normal, choose a window that is known to be clean; traffic captured during an incident would otherwise be baked into the baseline and never alerted on.

  • Spike in network traffic: OT Security detects a dramatic increase in the volume of network traffic or number of conversations.

  • Potential network reconnaissance or cyber-attack activity: OT Security generates events for activities indicative of reconnaissance or cyber-attack activity in the network, such as IP conflicts, TCP port scans, and ARP scans.
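The following is an added illustration of the three policy types above, written for this page and not OT Security's own detection code. It runs simple versions of each check (baseline deviation, conversation-rate spike, TCP port scan, ARP scan, IP conflict) over constructed flow records and ARP frames; the host addresses, MACs, time buckets and the thresholds (`factor=3.0`, `min_ports=10`, `min_targets=20`) are assumptions chosen for the example, not product defaults.

```python
from collections import defaultdict

# --- Constructed sample data (not real captures) ---------------------------
# Flow records: (minute_bucket, src_ip, dst_ip, proto, dst_port), one per conversation.
HMI, EWS, PLC1, PLC2, ROGUE = "10.0.0.10", "10.0.0.30", "10.0.0.20", "10.0.0.21", "10.0.0.99"

BASELINE_FLOWS = []
for minute in range(5):                        # five minutes of "normal" traffic
    BASELINE_FLOWS += [
        (minute, HMI, PLC1, "tcp", 502),       # Modbus/TCP polling
        (minute, HMI, PLC2, "tcp", 502),
        (minute, EWS, PLC1, "tcp", 44818),     # EtherNet/IP
    ]

# Observed window: the usual three conversations plus a rogue host probing PLC1.
OBSERVED_FLOWS = [
    (5, HMI, PLC1, "tcp", 502),
    (5, HMI, PLC2, "tcp", 502),
    (5, EWS, PLC1, "tcp", 44818),
] + [(5, ROGUE, PLC1, "tcp", p) for p in (21, 22, 23, 80, 102, 443, 502, 8080, 20000, 44818)]

# ARP frames: (opcode, sender_mac, sender_ip, target_ip); opcode 1 = request, 2 = reply.
ARP_FRAMES = [(1, "aa:aa:aa:aa:aa:aa", ROGUE, f"10.0.0.{i}") for i in range(1, 26)] + [
    (2, "00:11:22:33:44:20", PLC1, HMI),       # PLC1's legitimate reply
    (2, "aa:aa:aa:aa:aa:aa", PLC1, HMI),       # a second MAC claiming PLC1's address
]


def conversation_key(flow):
    """Identify a conversation by (src, dst, proto, dst_port), ignoring time."""
    _, src, dst, proto, port = flow
    return (src, dst, proto, port)


def build_baseline(flows):
    """Baseline = the set of conversations seen during the training window."""
    return {conversation_key(f) for f in flows}


def baseline_deviations(baseline, flows):
    """Conversations in the observed window that the baseline never contained."""
    return sorted({conversation_key(f) for f in flows} - baseline)


def traffic_spike(baseline_flows, observed_flows, factor=3.0):
    """Return (is_spike, peak_observed_rate, baseline_mean), in conversations per bucket."""
    per_bucket = defaultdict(int)
    for f in baseline_flows:
        per_bucket[f[0]] += 1
    baseline_mean = sum(per_bucket.values()) / len(per_bucket)
    observed = defaultdict(int)
    for f in observed_flows:
        observed[f[0]] += 1
    peak = max(observed.values())
    return peak > factor * baseline_mean, peak, baseline_mean


def tcp_port_scans(flows, min_ports=10):
    """(src, dst) pairs where one source touched at least min_ports distinct TCP ports."""
    ports = defaultdict(set)
    for _, src, dst, proto, port in flows:
        if proto == "tcp":
            ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def arp_scans(frames, min_targets=20):
    """Sender MACs whose ARP requests probed at least min_targets distinct IPs."""
    targets = defaultdict(set)
    for op, mac, _, target in frames:
        if op == 1:
            targets[mac].add(target)
    return {mac: len(t) for mac, t in targets.items() if len(t) >= min_targets}


def ip_conflicts(frames):
    """IP addresses claimed by more than one MAC in ARP replies."""
    claims = defaultdict(set)
    for op, mac, sender_ip, _ in frames:
        if op == 2:
            claims[sender_ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def run_all():
    """Run every check against the constructed data and return the findings."""
    baseline = build_baseline(BASELINE_FLOWS)
    return {
        "deviations": baseline_deviations(baseline, OBSERVED_FLOWS),
        "spike": traffic_spike(BASELINE_FLOWS, OBSERVED_FLOWS),
        "port_scans": tcp_port_scans(OBSERVED_FLOWS),
        "arp_scans": arp_scans(ARP_FRAMES),
        "ip_conflicts": ip_conflicts(ARP_FRAMES),
    }


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name}: {result}")
```

The same rogue host trips several policies at once: its ten probes are new conversations (baseline deviation), they raise the per-minute conversation count from 3 to 13 (spike), they touch ten distinct ports on one PLC (port scan), and its ARP sweep and spoofed reply produce the ARP scan and IP conflict findings. That overlap is normal; the value of separate policies is that each one names what the analyst should look at.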