H3C Technologies H3C Intelligent Management Center User Manual
Page 45
36
{
Window Size (1 to 10 min)—Set the size of the time window in the range of 1 to 10 minutes.
After completing the configuration, click OK next to the Window Size field.
Anomaly Detection List area
{
Name—Anomaly that UBA can monitor. You can click the anomaly name to view anomaly
details.
{
Description—Description for the anomaly.
{
Threshold—Threshold at which the anomaly detection generates an alarm.
{
Alarm Level—Level of the alarm. Options are Critical, Major, Minor, Warning, and Info.
{
Enable—Whether or not the anomaly detection is enabled.
{
Modify—Allows you to click the Modify icon
to modify the anomaly detection template.
Viewing details about an anomaly template that uses common
parameters
shows the anomaly detection templates that use common parameters.
Table 2 Anomaly detection templates that use common parameters.
Template name
Template name
Template name
TCP Null Scan
TCP Fin Scan
TCP Syn Fin Scan
TCP Xmas Scan
UDP Bomb Attack
Snork Attack
UDP Flood Attack
Invalid ToS
Land Attack
Invalid IP Protocol
Corrupt IP Option
Time Stamp IP Option
Source Route IP Option
Record Route IP Option
Security IP Option
Stream ID IP Option
Fragmented ICMP Packet
ICMP Redirects
ICMP Destination Unreachable
ICMP Request Excess
ICMP Reply Excess
To view details about an anomaly template that uses common parameters:
1.
Access the Anomaly Detection page.
2.
In the anomaly detection template list, click the name for an anomaly template that uses common
parameters.
The Anomaly Detection Details page appears.
Anomaly Detection Details contents
{
Name—Anomaly that UBA can monitor.
{
Description—Description for the anomaly.
{
Threshold—Threshold at which the anomaly detection generates an alarm.
{
Alarm Level—Level of the alarm. Options are Critical, Major, Minor, Warning, and Info.
{
Enable—Whether or not the anomaly detection is enabled.
3.
Click Back to return to the Anomaly Detection page.