HOT_IP

This alert is triggered when the number of operations executed by a single user in the past reporting intervals exceeds a certain threshold.

Characteristics

Name: Excessive number of operations. Non-SQL detector.

Type: anomalies

Status (default): disabled

Detector: built-in, non-SQL

Message

“Excessive activity of user *IP_address* (*user_name*). Non-SQL detector.”

“Number of operations: *number_of_operations* .”

Important

This alert does not track the activity of clients that use IPv6 addresses.

Detector parameter

  • Number of operations threshold (number)
    Absolute number of operations performed from the reported IP address. Default: 100.