Investigating off-hour network activity
Plixer Scrutinizer’s monitoring and reporting functions can isolate traffic outside business hours and alert teams to potentially malicious activity taking place during an organization’s off-hours.
Workflow
To proactively hunt for threats that remain dormant during business hours, security teams can leverage the following report filter options:
Add a filter that excludes business hours. A report threshold can also be configured, so that any activity exceeding the specified value(s) can be tracked via the Alarm Monitor.
Define the period of time outside business hours as the report’s time window/range.
Set the report’s time window to Last 24 hours and compare traffic data during and outside business hours.
Hint
After Plixer Scrutinizer has been deployed, default business hours can be set in the Admin > Settings > Reporting tray. These hours can be changed when configuring a business hours report filter.
Important
The Plixer ML Engine uses separate baseline models for network behavior during and outside of business hours. The default 8 am to 5 pm setting can be changed in the Admin > Settings > Reporting tray.
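The filter logic behind the workflow above, as an added Python example that is not Plixer's code or API: it splits constructed flow records into traffic during and outside the default 8 am to 5 pm window, sums off-hours bytes per source host and returns the hosts exceeding a threshold alongside their business-hours total for comparison. The `Flow` record layout and treating weekends as off-hours are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Default business-hours window from the page: 8 am to 5 pm (end is exclusive).
BUSINESS_START_HOUR = 8
BUSINESS_END_HOUR = 17

@dataclass(frozen=True)
class Flow:
    ts: datetime      # flow start, in the monitored site's local time (assumed layout)
    src: str          # source host
    octets: int       # bytes transferred

def in_business_hours(ts, start=BUSINESS_START_HOUR, end=BUSINESS_END_HOUR, weekdays_only=True):
    """True if ts falls inside the business-hours window a report filter would exclude."""
    if weekdays_only and ts.weekday() >= 5:   # assumption: Saturday/Sunday count as off-hours
        return False
    return start <= ts.hour < end

def split_by_business_hours(flows, **window):
    """Sum octets per source host, separately for during and outside business hours."""
    during, outside = {}, {}
    for f in flows:
        bucket = during if in_business_hours(f.ts, **window) else outside
        bucket[f.src] = bucket.get(f.src, 0) + f.octets
    return during, outside

def off_hours_alerts(flows, threshold_octets, **window):
    """Hosts whose off-hours total exceeds the threshold (the report-threshold analogue),
    returned as (host, off_hours_octets, business_hours_octets) for side-by-side comparison."""
    during, outside = split_by_business_hours(flows, **window)
    return sorted((host, total, during.get(host, 0))
                  for host, total in outside.items() if total > threshold_octets)

# Constructed sample flows: 2024-03-12 is a Tuesday, 2024-03-16 a Saturday.
FLOWS = [
    Flow(datetime(2024, 3, 12, 10, 15), "10.0.0.5", 500_000),
    Flow(datetime(2024, 3, 12, 14, 40), "10.0.0.5", 700_000),
    Flow(datetime(2024, 3, 13, 2, 10), "10.0.0.5", 50_000),
    Flow(datetime(2024, 3, 12, 16, 59), "10.0.0.9", 20_000),
    Flow(datetime(2024, 3, 12, 17, 0), "10.0.0.9", 30_000),
    Flow(datetime(2024, 3, 13, 1, 5), "10.0.0.9", 9_000_000),
    Flow(datetime(2024, 3, 13, 3, 30), "10.0.0.9", 4_000_000),
    Flow(datetime(2024, 3, 16, 11, 0), "10.0.0.22", 2_000_000),
]

if __name__ == "__main__":
    for host, off, during in off_hours_alerts(FLOWS, 1_000_000):
        print(f"{host}: {off} bytes off-hours vs {during} bytes during business hours")
```

Pass `weekdays_only=False` to reproduce a purely hour-based filter, which moves the Saturday traffic into the business-hours bucket.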