Hi guys,
I need some guidance on how to create alert deltas.
We have a network interface and we wish to detect when the interface has a sudden increase in traffic.
Have a look at the following values in the Alert rule builder:
ports.ifInOctets
ports.ifInOctets_prev
ports.ifInOctets_delta
ports.ifInOctets_rate
ports.ifOutOctets
ports.ifOutOctets_prev
ports.ifOutOctets_delta
ports.ifOutOctets_rate
Working with those will give you the results you need.
HTH
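Added example, not part of the original thread and not LibreNMS code: a sketch of how a "sudden increase" can be derived from the counter fields listed in the reply. It assumes `_prev` is the counter value from the previous poll, `_delta` is the difference between the two polls, and `_rate` is that delta divided by the poll interval; the 300-second interval, the baseline window, the `factor` threshold and the sample counter values are all constructed for illustration.

```python
from collections import deque

COUNTER32 = 2**32  # modulus of a 32-bit octet counter
COUNTER64 = 2**64  # modulus of a 64-bit (high-capacity) octet counter


def octet_delta(curr, prev, modulus=COUNTER64):
    """Difference between two polls, tolerating a single counter wrap."""
    return (curr - prev) % modulus


def octet_rate(curr, prev, interval_s, modulus=COUNTER64):
    """Octets per second over one poll interval."""
    return octet_delta(curr, prev, modulus) / interval_s


def find_spikes(samples, interval_s=300, factor=3.0, window=3,
                modulus=COUNTER64):
    """Return (poll index, rate) for polls whose rate exceeds
    `factor` times the mean rate of the previous `window` polls."""
    history = deque(maxlen=window)  # recent rates used as the baseline
    spikes = []
    for i in range(1, len(samples)):
        rate = octet_rate(samples[i], samples[i - 1], interval_s, modulus)
        if history:
            baseline = sum(history) / len(history)
            if rate > factor * baseline:
                spikes.append((i, rate))
        history.append(rate)
    return spikes


# Constructed ifInOctets readings, one per 300-second poll.
SAMPLES = [
    1_000_000_000,
    1_300_000_000,
    1_610_000_000,
    1_900_000_000,
    3_400_000_000,  # five times the usual growth in one interval
    3_700_000_000,
]

if __name__ == "__main__":
    for index, rate in find_spikes(SAMPLES):
        print(f"poll {index}: {rate:.0f} octets/s exceeds baseline")
```

A fixed threshold on the rate alone misses this case on a quiet link and fires constantly on a busy one, which is why the sketch compares each poll against the interface's own recent rates.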