Tune an alert

Learn how to tune your alerts effectively based on the data you can view in Web Security Analytics. Do this when you first set up an alert, and repeat it periodically to confirm that the attack patterns have not changed.

Before you begin

Tune your security configuration before you start tuning your alerts. An untuned security configuration can produce numerous false positives, and real threats may go unnoticed.

To learn how to tune your security configuration, see the Cloud Security Help.

How to

  1. When creating or changing an alert, select the Filter tab.
  2. Filter on a specific attack threat.
  3. Zoom out to the last 30 days.
  4. Identify the busiest peacetime traffic where you know there were no special events or attacks.

    In this example, the busiest peacetime traffic is the highlighted blue area:

  5. Zoom in to the busiest 2-3 hours.
  6. Select the Threshold tab.
  7. Identify the peak number of requests during the busy hours.
  8. Add a buffer of approximately 20% to this number and enter the resulting number in the Threshold configuration panel.

    For example, if the peak number of requests is 580000, set the threshold to 700000.
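
The same procedure can be cross-checked offline against exported request counts. The script below is an added example, not part of the product or its documentation: it drops known attack or event periods, finds the busiest peacetime window, takes the peak bucket, and adds the 20% buffer. The function name, the hourly bucket size, the rounding up to the nearest 10000, and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

def suggest_threshold(samples, excluded=(), window=timedelta(hours=3),
                      buffer_pct=20, round_to=10_000):
    """samples: time-sorted (datetime, request_count) buckets for one attack filter.
    excluded: (start, end) ranges of known attacks or special events.
    Returns (busy_window_start, peak, threshold)."""
    # Step 4: keep peacetime buckets only.
    peace = [(t, n) for t, n in samples
             if not any(s <= t < e for s, e in excluded)]
    if not peace:
        raise ValueError("no peacetime samples left after exclusions")
    # Step 5: slide a window over the series and keep the busiest one.
    best_total, best_lo, best_hi = -1, 0, 0
    lo = total = 0
    for hi, (t, n) in enumerate(peace):
        total += n
        while t - peace[lo][0] >= window:
            total -= peace[lo][1]
            lo += 1
        if total > best_total:
            best_total, best_lo, best_hi = total, lo, hi
    # Step 7: peak bucket inside the busiest window.
    peak = max(n for _, n in peace[best_lo:best_hi + 1])
    # Step 8: add the buffer in integer arithmetic, then round up
    # (the rounding step is an assumption of this example).
    step = 100 * round_to
    threshold = -(-peak * (100 + buffer_pct) // step) * round_to
    return peace[best_lo][0], peak, threshold

# Constructed sample data: 72 hourly buckets, an evening peak and one attack.
START = datetime(2024, 1, 1)
COUNTS = [200_000] * 72
COUNTS[20:23] = [500_000, 580_000, 540_000]   # busiest peacetime hours
COUNTS[40:42] = [2_000_000, 2_000_000]        # known attack
SAMPLES = [(START + timedelta(hours=h), n) for h, n in enumerate(COUNTS)]
ATTACK = [(START + timedelta(hours=40), START + timedelta(hours=42))]

if __name__ == "__main__":
    print(suggest_threshold(SAMPLES, ATTACK))
```

Running it without the excluded range shows why step 4 matters: the attack hours become the "busiest" window and the suggested threshold rises far above normal peacetime traffic.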