General Settings of the Module

This configuration can be found in Settings → System Settings → General settings.

The admin user can lock some configurations (Settings → System Settings → User preferences and Settings → Processing → Custom actions) for non-admin users using the Lock the configuration for non-admin users option. The admin can also allow non-admin users to comment and categorize events using the Event categorization for non-admin users option (non-admin users will not be able to create new categories, they can only assign or remove existing ones).

Access to Flowmon services (Internet services) may be allowed or denied by enabling or disabling the Flowmon services option. Some services, such as the WHOIS service or the detection methods that depend on external sources (BLACKLIST, BPATTERNS, and TOR), are unavailable when internet access is denied. See information on the various detection methods for further details.

The application uses all available CPUs. The Maximal number of computational threads parameter allows you to limit the number of CPU cores that application can utilize.

The application allows resolving event source IP addresses immediately after the detection of an event. This function enables you to determine the identity of the event source in dynamic environments where hostnames are changed frequently. IP addresses that should be resolved are defined by the parameter Capture source hostname. Note that the source IP address is resolved right after an event is detected and the captured hostname is not updated in the following event updates to increase the performance of the application.

The parameter Limit flows in event evidence allows you to specify an upper limit for the number of flows that are displayed for each event in the Event evidence section.

The Analysis Summary Sections parameter allows you to disable metrics from the Analysis Summary on the Analysis page.