
Dynamic Activity Monitoring

You can define, and the Eagle can monitor, what is considered suspicious or unusual activity. For example, if a node on your network normally connects to a server 4-5 times a day and suddenly makes 50 connections in a single morning, this is suspicious, even if the users and the machine are fully authorized to make these connections. All connections - those allowed and those denied by the gateway - are logged and can be fed directly into any of a number of database systems for processing and report generation.

Depending on the frequency and the magnitude of the suspicious acts, alerts are issued via electronic mail, pager, or fax - directly to appropriate authorities as incidents are taking place, rather than after the fact.
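The frequency check described above can be sketched as follows. This is an added example, not the Eagle's own code; the log line format, the addresses, the ratio thresholds and the mapping of thresholds to alert channels are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, datetime

# Assumed tiers: (minimum ratio of the day's count to the baseline, alert channel).
TIERS = [(10.0, "pager"), (3.0, "mail")]

def sample_log():
    """Constructed log lines: '<ISO time> <src> <dst:port> <allow|deny>'."""
    lines = []
    for day, n in zip(range(1, 5), (4, 5, 4, 5)):      # normal days: 4-5 connections
        lines += [f"2024-01-{day:02d}T{9 + i:02d}:00:00 10.0.0.7 10.0.1.20:23 allow"
                  for i in range(n)]
        lines += [f"2024-01-{day:02d}T10:{i:02d}:00 10.0.0.9 10.0.1.20:25 allow"
                  for i in range(6)]
    for i in range(50):                                # one morning: 50 connections
        lines.append(f"2024-01-05T{8 + i // 15:02d}:{i % 15 * 4:02d}:00 "
                     "10.0.0.7 10.0.1.20:23 allow")
    lines += [f"2024-01-05T10:{i:02d}:00 10.0.0.9 10.0.1.20:25 deny" for i in range(7)]
    return lines

def daily_counts(lines):
    """Count connections per (src, dst) per day; allowed and denied both count."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        stamp, src, dst, _verdict = line.split()
        counts[(src, dst)][datetime.fromisoformat(stamp).date()] += 1
    return counts

def alerts_for(lines, day):
    """Compare each pair's count on `day` with its mean over earlier days."""
    alerts = []
    for pair, per_day in sorted(daily_counts(lines).items()):
        history = [n for d, n in per_day.items() if d < day]
        # A pair with no history gets a baseline of 1 so it can still be scored.
        baseline = sum(history) / len(history) if history else 1.0
        ratio = per_day.get(day, 0) / baseline
        channel = next((c for floor, c in TIERS if ratio >= floor), None)
        if channel:
            alerts.append((pair, per_day[day], round(baseline, 2), channel))
    return alerts

if __name__ == "__main__":
    for alert in alerts_for(sample_log(), date(2024, 1, 5)):
        print(alert)
```

The host that stays near its usual daily count raises nothing, even though its connections that day were denied; only the jump in frequency relative to the pair's own history triggers an alert.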


tkevans@delmarva.com