4.12.1 irpaad.analyze_for_attacks
List of attacks the algorithm will analyze/monitor.
- Possible values:
0 (All methods), 1 (SSH Flood), 2 (DNS Amplification), 3 (NTP Amplification), 4 (UDP Flood), 5 (Smurf), 6 (SYN Flood), 7 (ACK Flood), 8 (HTTP Flood)
- Default value:
0
4.12.2 irpaad.enabled
Enables/disables anomaly analysis.
- Possible values:
0 (Disabled), 1 (Enabled)
- Default value:
0
4.12.3 irpaad.log
Defines the file-system path to the Irpaad log file.
- Default value:
/var/log/irp/irpaad.log
4.12.4 irpaad.log.level
Defines the logging level for the Irpaad service.
- Possible values:
crit, error, warn, info, debug, trace
- Default value:
info
- Recommended value:
info
4.12.5 irpaad.mode
Configures the anomaly detection operation mode.
Anomaly Detection modes:
– Moderated: users need to confirm the threat mitigation action manually.
– Automated: threat mitigation actions are performed automatically when an attack gets detected.
- Possible values:
0 (Moderated), 1 (Automated)
- Default value:
0
4.12.6 irpaad.reaction
Defines the threat mitigation reaction applied to a detected attack.
- Possible values:
0 (Flowspec Drop), 1 (Flowspec Redirect), 2 (Blackhole Drop), 3 (Blackhole Redirect)
- Default value:
0
4.12.7 irpaad.sensitivity
Sensitivity level of the anomaly analysis algorithm.
Decreasing the sensitivity threshold makes the algorithm less strict in flagging anomalies.
- Possible values:
45-90
- Default value:
70
4.12.8 irpaad.time.keep
The amount of time (in minutes) to keep a manually approved or automatic blackholing reaction active.
- Possible values:
1-4320
- Default value:
10
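The following is an added example, not part of the IRP documentation or product: a Python check that validates a set of irpaad.* settings against the possible values and defaults listed in this section before they are deployed. It assumes settings are written as `key = value` lines with `#` comments and that irpaad.analyze_for_attacks may list several attack numbers; the names `SPEC`, `SAMPLE` and `check` and the sample input are constructed for illustration.

```python
import re

# name: (kind, rule, default) from this section; a list for analyze_for_attacks is an assumption
SPEC = {
    "irpaad.analyze_for_attacks": ("ints", (0, 8), "0"),
    "irpaad.enabled": ("ints", (0, 1), "0"),
    "irpaad.log": ("path", None, "/var/log/irp/irpaad.log"),
    "irpaad.log.level": ("enum", ("crit", "error", "warn", "info", "debug", "trace"), "info"),
    "irpaad.mode": ("ints", (0, 1), "0"),
    "irpaad.reaction": ("ints", (0, 3), "0"),
    "irpaad.sensitivity": ("ints", (45, 90), "70"),
    "irpaad.time.keep": ("ints", (1, 4320), "10"),
}

# Constructed sample; the "key = value" syntax and "#" comments are assumptions.
SAMPLE = """\
irpaad.mode = 1            # automated mitigation
irpaad.sensitivity = 95
irpaad.time.keep = 0
irpaad.log.level = verbose
irpaad.analyze_for_attacks = 2, 3, 6
"""

def check(text):
    """Return (effective settings with defaults applied, list of problems)."""
    eff = {k: v[2] for k, v in SPEC.items()}
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("irpaad."):
            continue
        key, sep, val = (p.strip() for p in line.partition("="))
        if not sep or key not in SPEC:
            problems.append(f"line {n}: unknown or malformed setting {key!r}")
            continue
        kind, rule, _ = SPEC[key]
        if kind == "ints":
            parts = re.split(r"[,\s]+", val) if key.endswith("attacks") else [val]
            ok = all(re.fullmatch("[0-9]+", p) and rule[0] <= int(p) <= rule[1] for p in parts)
            msg = f"expected {rule[0]}-{rule[1]}"
        elif kind == "enum":
            ok, msg = val in rule, "expected one of " + ", ".join(rule)
        else:
            ok, msg = val.startswith("/"), "expected an absolute path"
        if ok:
            eff[key] = val
        else:
            problems.append(f"line {n}: {key} = {val!r}: {msg}")
    return eff, problems
```

Rejected values leave the documented default in the effective settings, so `check(SAMPLE)` reports three problems and keeps irpaad.sensitivity at 70.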

