Alarm Mute for Large Bandwidth Usage
All the other alarms I've checked, like Video Activity, allow a destination and device pair to be muted.
However, Large Bandwidth Usage only allows a device to be muted. There is no "Add Destination" ... in the mute control. My use case is that I don't mind a large bandwidth usage from my computer to my cloud backup provider, but that doesn't mean I'm OK with a large bandwidth usage from my computer to any host in the entire Internet. Is there some other way to set this alarm up?
Also, what are the criteria for Abnormal Upload vs a regular upload? Is there some per-device parameter I can set to use this to check for exfiltration? This alarm has the destination+device pair style of mute.
-
I would love to see this as well. I have a NAS that downloads backups from hosts on the internet and that gets backed up periodically to a cloud storage provider, and I get a ton of these types of alarms. I don't want to mute the alarm as a whole as it could be indicative of a problem, but would love the ability to add hosts to a mute/allow list so I don't get alerted for those systems.
-
Have there been any updates to this? I'm not sure what the criteria are for Large Bandwidth Usage. It appears to trigger if a single system within some duration, like 2 hours, falls outside that timeframe's baseline. Large Bandwidth Usage may not be "large bandwidth" for that machine to a specific destination, but because it falls outside that 2-hour window's baseline it gets triggered. I have (had) specific machines that consistently get triggered for consuming 80%+ of the network bandwidth in the past 2 hours because they're the only machines being used at the time. I've since muted them. Is there a way to customize these alerts further? I'm trying to figure out a better way to manage these types of alerts, but I'm coming up short.