Chapter 4 Zone Configuration
Zone Traffic Learning
The Detector’s tools for constructing detection policies are the Policy Templates. These define the policies according to the Minimum Threshold and Maximum Services parameters the user provides (this chapter will not cover those advanced procedures see Chapter 7, “Policy Procedures” for further details).
Once supplied with the appropriate parameters, the Detector’s Policy Templates construct the detection policies based on the zone traffic and tune the constructed policies based on the learned thresholds. The user is called to approve (accept) or reject each one of the learning phases. The learning is performed for each of the Detector zones (if applicable).
The Learning phase consists of the following:
•Learning Phase
•Learning Phase 2
Learning Phase 1 – Policy Construction
Note The user is directed through the Detector Learning phases without parameter definitions. For the Learning phases’ parameter definitions refer to Chapter 7, “Policy Procedures”.
To begin the first Learning phase perform the following:
1.From the Global command group level type the following:
admin@DETECTOR# learning
Or alternatively:
From the zone command group level type the following:
|
| Cisco Traffic Anomaly Detector User Guide |
|
|
|
|
| ||
|
|
|
| |
|
|
|
