Correlation rules
- Last Updated: May 1, 2026
The Connector includes custom rules that define Flowmon ADS detection methods. These rules help you identify and respond to various security events and network anomalies.
Flowmon ADS: Bypass of proxy - Identifies devices that bypass or attempt to bypass your specified proxy server.
Flowmon ADS: Denial of service attack - Detects various types of denial of service attacks targeting your network.
Flowmon ADS: DNS traffic anomaly - Identifies non-standard DNS traffic that might indicate malicious activity.
Flowmon ADS: Large data transfer - Aggregates simple events about large data transfers.
Flowmon ADS: Load Basic Building Blocks - Ensures the system applies all Flowmon building blocks correctly.
Flowmon ADS: Malware infected device - Identifies potential malware infections based on network behavior patterns.
Flowmon ADS: Malware infected device - Add Attack destination IP to reference set - Aggregates simple events that could be a sign of a malware infection and adds the attack destination IP address to the reference set named “Flowmon ADS: MALWARE – Attack destination IP - IP”.
Flowmon ADS: Misconfigured device - Aggregates simple events that could mean a device is configured incorrectly.
Flowmon ADS: Network access attack - Aggregates simple events about attacks against authentication.
Flowmon ADS: Network anomaly - Aggregates simple events related to the standard behavior of the network.
Flowmon ADS: Network discovery - Aggregates simple events about devices trying to discover the monitored network.
Flowmon ADS: Potential data leaks - Aggregates simple events about possible data leaks.
Flowmon ADS: Potential email spammer - Aggregates simple events about potential spammers.
Flowmon ADS: Potential network sniffer - Aggregates simple events that reveal devices possibly eavesdropping on network traffic.
Flowmon ADS: Service outage or misconfiguration - Aggregates simple events about unavailable services.
Flowmon ADS: Transferring data using VPN - Detects VPN-tunneled traffic.
Flowmon ADS: Usage of undesired applications - Aggregates simple events about the use of applications that could be undesired in the given environment.