Enabling and disabling network anomaly detection rules

To enable or disable Network Anomaly Detection rules, you can change their status. Each rule can be assigned the Enabled or Disabled status. By default, the Enabled status is assigned to a rule after the rule is created.

If you assign the Disabled status to a rule, the application cancels the last run of the rule and assigns the Canceled status to this run. The last run of the rule is canceled if the run had a status of New, Awaiting data, Pending, or Running when the rule was disabled.

To change the status of Network Anomaly Detection rules:

1. In the application web interface, go to the Intrusion detection section, Network Anomaly Detection subsection.
2. Select the rules whose status you want to change.
3. Enable or disable rules by clicking Enable or Disable. Each of these buttons is displayed the selected rules include rules to which the corresponding operation can be applied.

The status of the network anomaly detection rule is changed.

Page top