Common Features
- Last Updated: May 1, 2026
There are three common features of detection methods:
- Event generating: Most detection methods generate events. Every event includes:
  - Event origin (IP address)
  - Event type (corresponding to the type of the method that detected the event)
  - Event subtype
  - The detection time of the event according to flow data
  - A link to the data feed
  - Event details (additional information on the event according to its type)
  - The list of all event targets (IP addresses)
- Division into submethods: Detection methods usually detect network anomalies that can be further divided into several subtypes. For example, the SCANS method detects various types of network scanning: ARP scan, TCP SYN scan, TCP FIN scan, UDP scan, and so on. The detection methods therefore consist of several submethods, each responsible for detecting a particular subtype of the anomaly. The submethod that detected an event is always part of the event detail, to clarify the meaning of the event. The list of submethods for each detection method is given in the description of that detection method in the subsequent parts of the user guide.
- Periodic deletion of events: All detection methods that generate events support periodic deletion through the configuration option DeleteEventsAfter. This option sets the number of days for which events remain in application memory; older events are automatically deleted. When the option is set to the value “0”, events are never deleted.
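
The event fields and the DeleteEventsAfter semantics described above, as an added example that is not part of the Flowmon documentation or product code. It shows which events would already be gone under a given retention setting and which records lack a field every event should carry. The dictionary field names, the sample events and the choice to measure age from the detection time are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical field names for the seven items every event carries per this page;
# they are not Flowmon ADS export or API field names.
REQUIRED_FIELDS = ("origin", "type", "subtype", "detected", "data_feed", "details", "targets")


def missing_fields(event):
    """Return the required fields that are absent or empty in an event record."""
    return [f for f in REQUIRED_FIELDS if event.get(f) in (None, "", [])]


def split_by_retention(events, delete_events_after, now):
    """Split events into (kept, expired) for a DeleteEventsAfter value in days.

    0 means events are never deleted. Age is measured from the detection
    time, which is an assumption of this example.
    """
    if delete_events_after < 0:
        raise ValueError("DeleteEventsAfter must be 0 or a positive number of days")
    if delete_events_after == 0:
        return list(events), []
    cutoff = now - timedelta(days=delete_events_after)
    kept = [e for e in events if e["detected"] >= cutoff]
    expired = [e for e in events if e["detected"] < cutoff]
    return kept, expired


# Constructed sample events (documentation-range addresses, invented values).
NOW = datetime(2026, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"origin": "192.0.2.10", "type": "SCANS", "subtype": "TCP SYN scan",
     "detected": NOW - timedelta(days=2), "data_feed": "feed-1",
     "details": "constructed detail text", "targets": ["198.51.100.5", "198.51.100.6"]},
    {"origin": "192.0.2.44", "type": "SCANS", "subtype": "UDP scan",
     "detected": NOW - timedelta(days=40), "data_feed": "feed-1",
     "details": "constructed detail text", "targets": ["198.51.100.9"]},
    {"origin": "192.0.2.77", "type": "SCANS", "subtype": "",
     "detected": NOW - timedelta(days=10), "data_feed": "feed-1",
     "details": "constructed detail text", "targets": []},
]

if __name__ == "__main__":
    kept, expired = split_by_retention(SAMPLE_EVENTS, 30, NOW)
    print("kept:", [e["origin"] for e in kept])
    print("expired:", [e["origin"] for e in expired])
    print("incomplete:", [(e["origin"], missing_fields(e)) for e in SAMPLE_EVENTS if missing_fields(e)])
```

Comparing the expired list against what has already been archived elsewhere shows whether the retention period is long enough for the investigation window you need.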