The Burst Detection condition monitors your device for unexpected data usage. You specify the amount of data, the traffic flow (receives, sends, or both), and the time period.
Note: Device usage shown in SecurityPro is the flow of data packets. It is not billable usage.
The following example shows when the Burst Detection condition would be useful.
Burst Detection Example
A device that should not be communicating frequently suddenly begins communicating more than anticipated. This could indicate misuse of the device.
A tablet typically used to give directions to a pizza delivery driver is communicating more than it should. Upon investigation, the delivery driver has been streaming videos and surfing the web on this device.
If the Burst Detection condition is set, an alert is triggered.
Setting a Burst Detection
- Select Rules from the Dashboard navigator to open the Rules page.
- Click Create Rule.
- Enter a name for the new Rule.
- Select the Severity level (Low, Medium, High, or Critical). The default is Medium.
- Click Add Conditions.
- Click Burst Detection and click Continue.
- Enter the amount of data to limit. The default is 1. Use whole numbers only; do not use decimals.
- Select whether the data size is limited to KB, MB, or GB. The default is KB.
- Select whether the traffic flow direction to be monitored is Send, Receive, or both Send and Receive (the default).
- Select the time frame for this data usage. The default is 1 hour.
- Click Continue.
- Click Continue again.
- Verify your selection.
- Click Save.
Once Conditions are saved, they are displayed in a list in the Conditions section of the Create a Rule page.
Several Condition types are available. Adding at least one Condition is required.
Note: Duplicates of the same Condition within a Rule are not allowed. Refer to Following Rule Condition Restrictions for a list of all restrictions.
You can be notified when an alert is triggered by selecting Add Action and adding one or more e-mail addresses. If you need help, refer to Receiving e-mail notifications about Alerts.
When the Condition and e-mail addresses have been added, click Create Rule.
- SecurityPro checks whether a name for the Rule has been entered. If a name has not been entered, the Rule is not created and the Rule name field is highlighted in red. Enter a Rule name and click Create Rule to create the Rule.
- If a Severity Level for this Rule has not been selected, it defaults to Medium.
Once created, the new Rule is added to the list on the Rules page.
You can now assign this Rule to a Group. For help, refer to Assigning a Rule to a Group.
Important! SecurityPro only monitors your devices to notify you when your Device is not behaving as expected. It does not resolve this behavior. You must take action to resolve your Device’s behavior and then acknowledge within SecurityPro that you have done so.
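To show how the four Burst Detection settings (amount, unit, traffic flow direction, time frame) combine into one decision, here is an added example that is not SecurityPro code and does not describe its internals. It assumes a sliding time window, 1024-byte units, an alert only when usage strictly exceeds the limit, one alert per burst episode, and a hypothetical record layout of (timestamp, device, flow, byte_count); the traffic is constructed around the delivery-tablet scenario above.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumption: binary units; the page does not say whether a KB is 1000 or 1024 bytes.
UNIT_BYTES = {"KB": 1024, "MB": 1024**2, "GB": 1024**3}

def detect_bursts(records, amount, unit="KB", direction="both",
                  window=timedelta(hours=1)):
    """Return (device, time, bytes_in_window) for each burst episode.

    records: (timestamp, device, flow, byte_count) tuples sorted by time,
    with flow "send" or "receive". Defaults mirror the rule form's defaults.
    """
    if not isinstance(amount, int) or amount < 1:
        raise ValueError("amount must be a whole number, no decimals")
    limit = amount * UNIT_BYTES[unit]
    state, alerts = {}, []
    for ts, device, flow, nbytes in records:
        if direction != "both" and flow != direction:
            continue  # this flow direction is not monitored by the condition
        st = state.setdefault(device, {"win": deque(), "total": 0, "over": False})
        win = st["win"]
        while win and win[0][0] <= ts - window:  # age out traffic older than the time frame
            st["total"] -= win.popleft()[1]
        if st["total"] <= limit:
            st["over"] = False  # usage fell back under the limit: re-arm
        win.append((ts, nbytes))
        st["total"] += nbytes
        if st["total"] > limit and not st["over"]:
            alerts.append((device, ts, st["total"]))
            st["over"] = True  # one alert per episode, not one per record
    return alerts

# Constructed sample traffic (not real SecurityPro data).
T0, MB = datetime(2024, 1, 1, 9, 0), 1024**2
def at(minutes):
    return T0 + timedelta(minutes=minutes)
SAMPLE = [
    (at(0), "tablet-01", "receive", 2 * MB),     # routine map update
    (at(5), "tablet-02", "receive", 3 * MB),
    (at(20), "tablet-01", "send", 1 * MB),
    (at(30), "tablet-01", "receive", 30 * MB),   # video streaming starts
    (at(40), "tablet-01", "receive", 25 * MB),
    (at(50), "tablet-01", "receive", 20 * MB),
    (at(180), "tablet-01", "receive", 60 * MB),  # second burst after a quiet period
]

if __name__ == "__main__":
    for device, ts, total in detect_bursts(SAMPLE, 50, "MB", "receive"):
        print(f"ALERT {device} {ts:%H:%M} {total / MB:.0f} MB received in the last hour")
```

With a 50 MB receive limit per hour, the sample yields two alerts for tablet-01 and none for tablet-02; switching the direction to Send yields none, which shows why the direction setting should match the misuse you expect.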