Configure rules-based anomaly detection
Rules engine-based anomaly detection allows you to define certain rules. If the threshold values that are defined in the rule are exceeded, anomalies are generated. For example, an anomaly is generated if a certain number of failed login attempts occur in a specified time period.
For each rule, you can configure the following parameters: execution frequency, query period, and threshold.
To modify the rule parameters, use the /security/anomaly/rules/{ruleId} API.
To configure rules-based anomaly detection
- On the left, click Detection and reporting > Anomaly detection.
- On the top right, click Anomaly detection settings > System anomaly detection configuration.
- On the System anomaly detection configuration screen, expand Rules-based anomaly detection and select the Detect anomalies using NetBackup anomaly detection rules check box.
The following details for each of the predefined rules are displayed:
Rule name
Description
Severity
Version
Enabled
For the latest rules file, go to the Cohesity Download Center and download the rules file (
.zip) for which you want to generate anomalies.Select Upload rules to select the rules file that you have downloaded. All the latest rules are listed in the Rules-based anomaly detection section.
- Select the rules that you want to enable and for which you want to generate anomalies.
Select Enable.
NetBackup generates anomalies for the conditions that meet the rule criteria.