Learning phase 1 – policy construction – Cisco OL-6109-01 User Manual

Cisco Traffic Anomaly Detector User Guide

OL-6109-01

Chapter 4 Zone Configuration

Zone Traffic Learning

The Detector’s tools for constructing detection policies are the Policy Templates.
These define the policies according to the Minimum Threshold and Maximum
Services parameters the user provides (this chapter does not cover those advanced
procedures; see Chapter 7, “Policy Procedures”, for further details).

Once supplied with the appropriate parameters, the Detector’s Policy Templates
construct the detection policies based on the zone traffic and tune the constructed
policies based on the learned thresholds. The user is asked to approve (accept) or
reject each of the learning phases. The learning is performed for each of the
Detector zones (if applicable).

The Learning phase consists of the following:

Learning Phase 1 – Policy Construction: This is the phase in which the
Detector constructs its policies with its user-defined or self-configured Policy
Templates. This phase consists of traffic flowing transparently through the
Detector, enabling it to discover which services are used by the zone. This
chapter will detail a procedure based on the Detector’s Minimum Threshold
and Maximum Services default parameters (see Chapter 7, “Policy
Procedures”, for further details).

Learning Phase 2 – Threshold Tuning: This is the phase in which the
Detector tunes its detection policies’ thresholds to closely adapt to zone traffic
(see Chapter 7, “Policy Procedures”, for further details).

Learning Phase 1 – Policy Construction

Note

The user is directed through the Detector Learning phases without parameter
definitions. For the Learning phases’ parameter definitions, refer to
Chapter 7, “Policy Procedures”.

To begin the first Learning phase, perform the following:

1. From the Global command group level, type the following:

admin@DETECTOR# learning policy-construction <zone-name>

Or alternatively:

From the zone command group level type the following:

admin@DETECTOR-conf-zone-<zone-name># learning policy-construction
