Diagnostics: 2. Setup baseline learning

Comprehensive user manual for CySight Ai-Driven Network and Endpoint Detection and Response (NDR, EDR) Forensics and Application Performance Monitoring (APM)


How to set up baseline learning

A Baseline is set up by applying an "Alert Template" to a selected Device or Interface.

Start by selecting the "Alert Templates" menu option. A list of Alert Templates will be displayed.


For now, focus on the "IPv4 Baseline". This should cover most of your requirements.

Right-click on "IPv4 Baseline" and select the "Apply to" submenu.

Now select either:
  • Devices for broad-based baselines, or
  • Interfaces for more granular baselining.
A list of Devices or Interfaces will display subject to your selection.


Select Apply or Apply All to select the relevant interfaces/devices you want to monitor.

The Search feature of the Apply screen will allow you to quickly find and Apply alerts to only those interfaces or devices you wish to have baselines and automated diagnostics processes enabled.


Click Confirm and the selected interfaces will initiate their baselines. After applying, a unique Alert ID will be allocated to each Baseline. The Baselines will begin learning from the apply time going forward.


Now repeat the same process with the "IPv6 Baseline" on any interfaces/devices that are exporting IPv6 flows.

Alerts will be generated as soon as possible to enable early warning diagnostics. For the first hour, CySight NBAD will learn the rising and falling thresholds, and alerting will be based on the initial hourly baseline. Thereafter, for each hour that passes, the baseline knowledge will grow and the alerting process will become more sensitive and more accurate.
