Anomalies in SalesFolder searches

Goal

Looks for users who search more than usual on SalesFolder Web applications.

Description

This method utilizes a basic statistical approach to calculate the normal search volume for each user, allowing for the monitoring of individual search activity.

Characteristics

Name
Anomalies in SalesFolder searches

Data involved

We will use the SalesFolder Web app Data. More concretely, we will focus on the fields:

  1. UserName

  2. Timestamp

Alert Generation

Anomalies are detected when a user's access frequency within a specified 'n' minute timeframe deviates from normal behavior. The model's operation is controlled by the following parameters:

  1. Interval Duration (minutes): Defines the length of the time window for analysis.

  2. Detection Sensitivity: Determines the threshold at which a deviation is classified as an anomaly.

  3. New User Anomaly Threshold: Sets the minimum number of accesses from a new user required to trigger an anomaly alert, preventing false positives.

Raw outputs of the model

The outputs are:

  • A boolean value indicating that the number of accesses for that user in the analysed timeframe exceeds normal behaviour.
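
The sketch below is an added example, not the product's own code. It shows how the three Alert Generation parameters can combine into the boolean output over the UserName and Timestamp fields. The page does not name the statistic used, so the mean plus sensitivity times standard deviation rule, the floor on the deviation, the default values and the sample users are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

def bucket_counts(events, interval_minutes):
    """Count searches per (UserName, window index) from (UserName, Timestamp) pairs."""
    width = interval_minutes * 60
    return Counter((user, int(ts.timestamp() // width)) for user, ts in events)

def detect(history, current, interval_minutes=10, sensitivity=3.0, new_user_threshold=20):
    """Return {UserName: bool} for every user seen in the analysed window `current`."""
    baseline = defaultdict(list)
    for (user, _window), n in bucket_counts(history, interval_minutes).items():
        baseline[user].append(n)  # only windows in which the user searched at all
    flags = {}
    for user, n in Counter(user for user, _ts in current).items():
        past = baseline.get(user)
        if not past:
            # New user: no baseline, so apply the fixed New User Anomaly Threshold.
            flags[user] = n >= new_user_threshold
        else:
            # Assumed statistic: mean + sensitivity * std, with std floored at 1 so a
            # perfectly constant history does not flag a single extra search.
            flags[user] = n > mean(past) + sensitivity * max(pstdev(past), 1.0)
    return flags

def burst(user, start, n):
    """Constructed sample data: n searches by `user`, one per second from `start`."""
    return [(user, start + timedelta(seconds=i)) for i in range(n)]

def run_sample():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    step = timedelta(minutes=10)
    history = []
    for i, n in enumerate([3, 4, 5, 4]):
        history += burst("alice", t0 + i * step, n)
    for i, n in enumerate([5, 6, 5]):
        history += burst("bob", t0 + i * step, n)
    now = t0 + 10 * step
    current = (burst("alice", now, 30) + burst("bob", now, 6)
               + burst("carol", now, 25) + burst("dave", now, 2))
    return detect(history, current)

if __name__ == "__main__":
    print(run_sample())
```

Because the baseline here only includes windows in which the user searched, a user who is normally idle for long stretches gets a baseline that reflects only their active periods.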
