Mar 29 2019 07:15 AM
Hi there,
Has anybody had success modifying the thresholds for the default alerts? For example:
- - - - - - - - - - - - - - - - - - - - - - - - -
A medium-severity alert has been triggered
Unusual volume of file deletion
Severity: Medium
Activity: FileDeleted
Details: 90 matched activities in 5 minutes.
- - - - - - - - - - - - - - - - - - - - - - - - -
Yes, I can disable that, but it is not the point.
Mar 29 2019 11:21 AM
Solution
No. That's one of the "anomaly detection" policies which apparently use some ML models and should apply different criteria for different users. You can simply disable this and create an alert with pre-set criteria for the delete operation.
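What "pre-set criteria for the delete operation" amounts to, as an added example that is not part of the thread and is not a Microsoft API: a fixed per-user threshold over exported audit records. The field names `CreationTime`, `UserId` and `Operation` are assumed to match the export, and the users and records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def fixed_threshold_alerts(records, operation="FileDeleted",
                           threshold=90, window=timedelta(minutes=5)):
    """Alert when one user performs `threshold` matching operations
    inside a sliding `window`. Same criteria for every user."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    muted_until = {}              # user -> time before which no new alert fires
    alerts = []
    parsed = [(datetime.fromisoformat(r["CreationTime"]), r) for r in records]
    for ts, rec in sorted(parsed, key=lambda p: p[0]):
        if rec["Operation"] != operation:
            continue
        user = rec["UserId"]
        q = recent[user]
        q.append(ts)
        # Drop events that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and ts >= muted_until.get(user, datetime.min):
            alerts.append({"user": user, "count": len(q),
                           "first": q[0], "triggered": ts})
            # One alert per burst instead of one per extra deletion.
            muted_until[user] = ts + window
    return alerts


def sample_records():
    """Constructed data: alice deletes a file every 2 s (a burst),
    bob every 10 s (steady cleanup), plus unrelated edits."""
    base = datetime(2019, 3, 29, 9, 0, 0)
    recs = []
    for i in range(95):
        recs.append({"CreationTime": (base + timedelta(seconds=2 * i)).isoformat(),
                     "UserId": "alice@example.com", "Operation": "FileDeleted"})
        recs.append({"CreationTime": (base + timedelta(seconds=10 * i)).isoformat(),
                     "UserId": "bob@example.com", "Operation": "FileDeleted"})
        recs.append({"CreationTime": (base + timedelta(seconds=2 * i)).isoformat(),
                     "UserId": "alice@example.com", "Operation": "FileModified"})
    return recs


if __name__ == "__main__":
    for alert in fixed_threshold_alerts(sample_records()):
        print(alert)
```

Unlike the anomaly-detection policy, this applies one static limit to every account, so a user whose normal work involves bulk deletes will trip it regularly unless the threshold is set with that in mind.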
Mar 31 2019 11:30 PM
Thank you @Vasil Michev. Not the answer I wish to hear, but that is what we get from clouds.