Comprehensive user manual for CySight Standard and Enterprise Editions.

Diagnostics: 1. Introduction


CySight Baseline process constantly monitors your Network. It learns network behaviors and detects and alerts on anomalies. The Diagnostics process quickly identifies and alerts on who is doing what, where, when, with whom and for how long.

This is a sophisticated behavior-based anomaly detection technology (NBAD) that learns what’s normal on your network for every hour and weekday and detects any activity that deviates from normal baselines enabling highly accurate identification of all types of traffic issues from large-scale attacks to obscure data leakages.

CySight Alert Diagnostics begins by learning baselines for each Device or Interface. It learns the profiles of traffic for each Baseline meter: i.e.
Bytes, bps, Packets, pps, Packet-size, flows, tcp flags (TcpSYN, TcpACK, TcpFIN, TcpRST, TcpPSH, TcpURG, TcpCE).

If a meter baseline is breached more than 5 times in 15 minutes it triggers a diagnostic process to auto discover and categorize the root cause of the breach.

Diagnostics: 1. Introduction
Diagnostics: 2. Setup baseline learning
Diagnostics: 3. Monitoring Alerts and Tickets
Diagnostics: 4. Diagnostics screen deciphered
Diagnostics: 5. SNMP Traps and Email Notifications