Tune an alert
Learn how to tune your alerts effectively based on the data you can view in Web Security Analytics. Do this when you first set up an alert and periodically to ensure the attack patterns have not changed.
Before you begin
To learn how to tune your security configuration, see the Cloud Security Help.
- When creating or changing an alert, select the Filter tab.
- Filter on a specific attack threat.
- Zoom out to the last 30 days.
Identify the busiest peacetime traffic where you know there were
no special events or attacks.
In this example, the busiest peacetime traffic is the highlighted blue area:
Zoom in to the busiest 2-3 hours.
- Select the Threshold tab.
- Identify the peak number of requests during the busy hours.
Add a buffer of approximately
20% to this number and enter the resulting number in the Threshold
For example, if the peak number of requests is 580000, set the threshold to 700000, as in this example: