DDoS Defender - false positive rules
False positive principles in the DDoS Defender module.
Product: Flowmon DDoS Defender
How do the false positive marks work?
How the false positive mark changes the baseline?
|Steps to Reproduce:|
Marking an attack as a false positive cause the attack traffic to be considered standard traffic for baseline calculation. That means that the baseline raise a little bit.
For example, if the baseline length is 24 hours then the attack older than 24 hours doesn't have any impact on the baseline.
Was this article helpful?0 out of 0 found this helpful