Analyze suspicious activity

Use SiteProtector™ System views as starting points for detecting and analyzing suspicious activity on your network. Use the provided guidelines for working with the SiteProtector System Analysis views and filtering tools.

Goals of detecting suspicious activity

The goals of detecting suspicious activity are as follows:
  • To monitor high-level patterns of activity to determine whether you need to monitor any activities more closely
  • To identify early indicators of attack severity and scope while you continue to filter, sort, and correlate events
  • To determine whether you have sufficient justification to take further action, such as officially tracking an incident or starting a formal investigation