Count records as part of a result to quickly identify excessive flows or change. Any record combination can be counted, e.g. counting all internal IPs together with their number of IP or port conversations enables quick identification of port scanners, P2P users, DDoS attacks or other multi-threaded conversations. Identify long-lasting flows or conversations.
CySight Count Analysis enables fields to be grouped in order to count the number of connections (flows), packets or physical file records, to trigger an alert, and to assist the security forensic analyst in analyzing the pattern of the attack.
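The grouping-and-counting idea described above, as an added example that is not CySight code or its API: flow records are grouped by internal source IP, and flows, packets, distinct peers and distinct ports are counted per group. The record layout, the `10.0.0.0/8` internal range and both thresholds are assumptions, and the flow records are constructed sample data.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: internal address space
MAX_PEERS = 20                       # assumption: alert above this many distinct peers
MAX_PORTS = 20                       # assumption: alert above this many distinct ports


def build_sample_flows():
    """Constructed flow records: (src_ip, dst_ip, dst_port, packets)."""
    flows = [("10.0.0.5", "192.0.2.10", 443, 40), ("10.0.0.5", "192.0.2.11", 443, 12),
             ("10.0.0.5", "10.0.0.53", 53, 2)]  # ordinary client, few conversations
    # one peer, many ports: what a port scanner looks like in the counts
    flows += [("10.0.0.66", "10.0.0.9", port, 1) for port in range(1, 101)]
    # many peers, one port: what a sweep or P2P-style fan-out looks like
    flows += [("10.0.0.77", f"10.0.1.{host}", 445, 1) for host in range(1, 61)]
    # external source: excluded, because the grouping is over internal IPs only
    flows.append(("198.51.100.7", "10.0.0.5", 22, 3))
    return flows


def count_analysis(flows, group_net=INTERNAL):
    """Group by internal source IP; count flows, packets, distinct peers and ports."""
    stats = defaultdict(lambda: {"flows": 0, "packets": 0, "peers": set(), "ports": set()})
    for src, dst, dport, pkts in flows:
        if ip_address(src) not in group_net:
            continue
        s = stats[src]
        s["flows"] += 1
        s["packets"] += pkts
        s["peers"].add(dst)
        s["ports"].add(dport)
    return {ip: {"flows": s["flows"], "packets": s["packets"],
                 "peers": len(s["peers"]), "ports": len(s["ports"])}
            for ip, s in stats.items()}


def alerts(counts, max_peers=MAX_PEERS, max_ports=MAX_PORTS):
    """Return {ip: [exceeded counters]} for groups over a threshold."""
    limits = {"peers": max_peers, "ports": max_ports}
    hits = {ip: [k for k, lim in limits.items() if c[k] > lim] for ip, c in counts.items()}
    return {ip: reasons for ip, reasons in hits.items() if reasons}


if __name__ == "__main__":
    counts = count_analysis(build_sample_flows())
    for ip, why in sorted(alerts(counts).items()):
        print(ip, counts[ip], why)
```

Which counter trips distinguishes the pattern: a high distinct-port count against few peers points to scanning of one host, while a high distinct-peer count on one port points to a sweep or fan-out.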