Use SiteProtector™ System views as starting points for detecting and
analyzing suspicious activity on your network. Use the provided guidelines
for working with the SiteProtector System Analysis views and filtering tools.
Goals of detecting suspicious activity
The goals of detecting suspicious activity are as follows:
- To monitor high-level patterns of activity to determine whether
you need to monitor any activities more closely
- To identify early indicators of attack severity and scope while
you continue to filter, sort, and correlate events
- To determine whether you have sufficient justification to take
more actions, such as officially tracking an incident or starting
a formal investigation