Enable Security Analytics
This document provides instructions on enabling the Advanced Analytics Security Module (ASAM) in ObserveOps (formerly known as AIOps) Flow Explorer and customizing various elements of the Security Analytics feature.
How to enable the Security module
- Navigate to Settings > MOTADATA_NETFLOW > Security Analytics
- Click on "Enable" to enable the Security module
Note: Make sure you have purchased the license for the Security module.
How to customize problem events
- Navigate to Settings > MOTADATA_NETFLOW > Security Analytics
- Click on "Manage Problems"
- Select any problem type and its sub-category
- Disable unwanted problem names under that class
How to customize resources
- Navigate to Settings > MOTADATA_NETFLOW > Security Analytics
- Click on "Manage Resource"
- Select RIP/IP/NET and choose the resources
- Disable unwanted resources
- To enable a particular resource, click on "Disable List" and follow the same procedure
How to customize ASAM algorithm
- Navigate to Settings > MOTADATA_NETFLOW > Security Analytics
- Click on "Manage Algorithm"
- Select any algorithm type and its sub-category
- Disable unwanted categorization for problems under that class
How to customize the threshold for events
ASAM has predefined thresholds for every problem class and its classification. You can edit thresholds for each problem type from Settings.
- Navigate to Settings > MOTADATA_NETFLOW > Attacks
- Click on "Threshold" to edit Threshold settings
- Click on any particular problem and edit the upper limit and lower threshold value
- Click on Advanced Settings for more changes
- Save
How to create an alert profile for ASAM
You can generate alerts and get notified in case of any threshold violation for attacks.
- Navigate to Settings > MOTADATA_NETFLOW > Security Analytics
- Click on "Alert Profiles" to edit or add a new alert notification
- Select Algorithm
- Provide Criteria
- Add the profile with a name, retention period, and notification details.
- Save