This alert is triggered when abnormal traffic for a software service user is detected for a specified URL.
This alert heavily degrades report server performance. Create only a limited number of such alerts.
Name: Abnormal URL traffic for software service user
Status (default): enabled
Detector: built-in, non-SQL
“Abnormal URL traffic for user *IP_address* (*name*), software service *software_service_name* .”
“The total of URLs requested by the user: *number_of_URLs* .”
“The percentage of the restricted URLs: *percentage_restricted_URLs* %.”
“The distribution of the restricted URLs: *distribution_restricted_URLs* .”
This alert does not track the activity of clients that use IPv6 addresses.
- Lower limit of the unacceptable number of URLs (number)
The lower limit of unacceptable values of the number of hits. Default:
- Lower limit of the unacceptable number of restricted URLs [%] (number)
The lower limit of the ratio of URL traffic to restricted resources and URL traffic to all resources. Default:
- Restricted URLs (string)
The set of URLs representing the restricted resources. The set is composed of URLs separated by space character.
- Toggle [0/1] to show the distribution of the restricted URLs (number)
The default value of
0does not show the distribution of the restricted URLs.