Flowmon ADS User Guide

THREATS - Threat Briefings

  • Last Updated: May 1, 2026

Method description

This method detects communication with Indicators of Compromise (IoCs, such as IP addresses, domains, web pages, JA3 fingerprints, or services) related to newly emerging threats that may pose a risk to your network environment. The IoCs are distributed as part of the Threat Briefings maintained by Progress Flowmon.

The IgnoreUnreachable parameter ignores ICMP type 3 (Destination Unreachable) replies to requests from malicious devices. If the IgnoreUnsuccExt parameter (or IgnoreUnsuccInt) is set to yes, unsuccessful communication attempts initiated by malicious devices (or by internal devices, respectively) are not reported. Communication on specific ports can also be ignored by listing them in the IgnorePorts parameter.

Submethods of this detection method are not fixed and may change over time with new updates of the Threat Briefings. Each Threat Briefing represents a separate submethod.

Method configuration

It is recommended to activate this method network-wide, for all traffic on the network regardless of IP addresses. The correct place to monitor the traffic is the Internet connection line. To update the Threat Briefings, make sure that communication from the device (probe/collector) to port 443 (HTTPS, standard secured web traffic) on the services.flowmon.com server is not blocked.

Method parameters

  • IgnoreUnreachable: Ignore the ICMP type 3 responses (Destination Unreachable).

  • IgnoreUnsuccExt: Ignore unsuccessful communication attempts initiated by external malicious devices.

  • IgnoreUnsuccInt: Ignore unsuccessful communication attempts initiated by internal devices.

  • IgnorePorts: List of ports that will be ignored during the detection.

Assigned filter

Only flows whose source or destination IP address matches the assigned filter will be processed.
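The following added example (not Flowmon code, and not a description of how ADS is implemented) models how the parameters and the assigned filter narrow which IoC-related flows are reported. The flow record fields, the `answered` flag as the meaning of "unsuccessful", the function names, and all addresses (documentation ranges) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed sample data: documentation address ranges, not real indicators.
IOC_IPS = {ip_address("203.0.113.66")}
ASSIGNED_FILTER = [ip_network("192.0.2.0/24")]  # assumed internal scope

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dst_port: int = 0
    icmp_type: int = -1
    answered: bool = True   # assumption: False means no reply was observed

class Params(NamedTuple):
    ignore_unreachable: bool = False       # IgnoreUnreachable
    ignore_unsucc_ext: bool = False        # IgnoreUnsuccExt
    ignore_unsucc_int: bool = False        # IgnoreUnsuccInt
    ignore_ports: frozenset = frozenset()  # IgnorePorts

def in_filter(ip):
    return any(ip in net for net in ASSIGNED_FILTER)

def reported(flow, p):
    # True if this flow would raise an event under the model above.
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if not (in_filter(src) or in_filter(dst)):
        return False    # neither endpoint matches the assigned filter
    if src not in IOC_IPS and dst not in IOC_IPS:
        return False    # no IoC involved
    if flow.proto != "icmp" and flow.dst_port in p.ignore_ports:
        return False
    if p.ignore_unreachable and flow.proto == "icmp" and flow.icmp_type == 3:
        return False
    if not flow.answered and src in IOC_IPS and p.ignore_unsucc_ext:
        return False
    if not flow.answered and in_filter(src) and p.ignore_unsucc_int:
        return False
    return True

FLOWS = [
    Flow("192.0.2.10", "203.0.113.66", "tcp", 443),                  # answered session to IoC
    Flow("203.0.113.66", "192.0.2.20", "tcp", 22, answered=False),   # unanswered probe from IoC
    Flow("192.0.2.20", "203.0.113.66", "icmp", icmp_type=3),         # unreachable reply to IoC
    Flow("192.0.2.30", "203.0.113.66", "udp", 53, answered=False),   # failed internal attempt
    Flow("198.51.100.5", "203.0.113.66", "tcp", 80),                 # outside assigned filter
    Flow("192.0.2.10", "198.51.100.7", "tcp", 443),                  # no IoC involved
]
def evaluate(p):
    return [reported(f, p) for f in FLOWS]
```

Comparing `evaluate(Params())` with a tuned `Params(...)` shows which events each setting suppresses. The answered session to an IoC is hidden only when its port is listed in IgnorePorts.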

Interpretation of results

This method uses Threat Briefings provided by Progress Flowmon. Events generated by this method may indicate that the device is compromised or takes part in malicious activities, depending on the category of the Threat Briefing. If one of the organization's IP addresses is the event originator, that device is likely to be part of a botnet or infected with some form of malware.