GotRoot rules and Anomaly Scoring mode
Posted: Mon Jun 01, 2015 3:35 pm
Hi all
I am new to Atomicorp products. I have the Gotroot rules subscription and I think the Rules and AUM is brilliant. It makes the whole process much easier and let's me concentrate on looking at the Alerts.
Is it possible to put AUM into Anomaly Scoring mode?
In case Atomicorp calls it something else, what I'm after is for the score of individual rules to be counted up at the end of the transaction. Ultimately I am interested in seeing any "Outbound" rules or Data Leakage rules firing. I've already made the small and easy change of putting AUM in to: SecRuleEngine DetectionOnly. Hopefully I haven't missed anything obvious. I've had a search on the forum and not seen any hits.
Thanks again for a great product. Regards
Jag
I am new to Atomicorp products. I have the Gotroot rules subscription and I think the Rules and AUM is brilliant. It makes the whole process much easier and let's me concentrate on looking at the Alerts.
Is it possible to put AUM into Anomaly Scoring mode?
In case Atomicorp calls it something else, what I'm after is for the score of individual rules to be counted up at the end of the transaction. Ultimately I am interested in seeing any "Outbound" rules or Data Leakage rules firing. I've already made the small and easy change of putting AUM in to: SecRuleEngine DetectionOnly. Hopefully I haven't missed anything obvious. I've had a search on the forum and not seen any hits.
Thanks again for a great product. Regards
Jag