The Analytics Anomalies Screen displays any anomalies that are discovered in established port utilization trends. The information is displayed in a list that describes the anomaly and its origins (e.g., IP address, Port). Anomaly detection uses Z-Score to check for anomalies in the latest port utilization data gathered from hourly polling over the past 30 days. Z-Score is a statistical measurement of a score's relationship to the mean in a group of scores. In other words, it measures utilization for a port for a specific hour to determine its relationship with utilization for the same hour over the sampling period (30 days). A data point that deviates considerably from an established pattern is flagged as an anomaly and displayed on the Anomalies Screen. Z-Score parameters are configured on the Settings Screen.
You can configure the information displayed by clicking on the Configuration icon to bring up the Configuration Screen and set any or all of the displayed columns.
Note: A minimum of 11 days of data is required for anomaly calculation. Also, seasonal variation for periods of more than 30 days cannot be adequately learned using this method. For example, an annual usage pattern would be affected by lower usage due to holidays/vacations.