DDoS Defender - false positive rules





False positive principles in the DDoS Defender module. 


Product: Flowmon DDoS Defender

Version: Any

Platform: Any

Question/Problem Description:

How do false positive marks work?

How does a false positive mark change the baseline?


Marking an attack as a false positive causes the attack traffic to be considered standard traffic for baseline calculation. That means that the baseline rises a little bit.
If a false positive mark is removed later, the baseline might be lowered back, but only if the attack is still covered by the baseline length.

For example, if the baseline length is 24 hours, then an attack older than 24 hours doesn't have any impact on the baseline.
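
A simplified model of this behaviour, added here as an illustration and not Flowmon's actual baseline algorithm. The mean over a sliding window, the exclusion of unmarked attack traffic, the sample values and the names (`Sample`, `baseline`, attack ID `A1`) are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Sample:
    hour: int                        # hours since the start of the constructed timeline
    bps: float                       # observed traffic volume in that hour
    attack_id: Optional[str] = None  # set when the hour belongs to a detected attack

def baseline(samples, now, window_hours, false_positives):
    """Mean over the window (assumed model). Attack traffic counts only when
    its attack is marked as a false positive."""
    used = [
        s.bps for s in samples
        if now - window_hours < s.hour <= now
        and (s.attack_id is None or s.attack_id in false_positives)
    ]
    return sum(used) / len(used) if used else 0.0

# Constructed data: 48 hours at 100 bps, with attack "A1" at 1000 bps in hours 10-11.
TIMELINE = [Sample(h, 1000.0, "A1") if h in (10, 11) else Sample(h, 100.0)
            for h in range(48)]

def demo(window_hours=24):
    rows = {}
    for now in (23, 40):  # hour 23: attack inside the window; hour 40: aged out
        rows[now] = (
            baseline(TIMELINE, now, window_hours, set()),     # mark absent or removed
            baseline(TIMELINE, now, window_hours, {"A1"}),    # marked false positive
        )
    return rows

if __name__ == "__main__":
    for now, (unmarked, marked) in demo().items():
        print(f"hour {now}: unmarked={unmarked:.1f} marked_fp={marked:.1f}")
```

At hour 23 the mark changes the modelled baseline; at hour 40 the attack has left the 24-hour window, so adding or removing the mark makes no difference.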


