
Real-Time Traffic Anomaly Detection

Overview

Constellix's Real-Time Traffic Anomaly Detection (RTTAD) is a machine-learning tool that serves as an alert system in the event of inconsistent domain traffic patterns. RTTAD is a proactive monitoring service that utilizes a domain's historical data to learn traffic patterns. When there is an unexpected spike or surge in traffic, the tool sends an automatic alert. The collected data can be repurposed to best suit the organization's needs. 

RTTAD can assist in detecting:

  • Distributed denial-of-service (DDoS) attacks
  • System configuration trouble
  • System outages
  • Firewall configuration issues
  • Marketing mistakes

This guide will assist in enabling, managing, and disabling RTTAD for domain(s). 


Enable RTTAD

To enable RTTAD in an environment, there are two ways to log in and navigate to the Anomaly Detection page. 

  • Log into the Constellix DNS dashboard.
    1. From the Recently Updated Domains section in the table on the right, select the domain(s) in which RTTAD will be enabled.
    2. The status of RTTAD will be indicated at the top of the screen, below the domain name. Click on the Activate Anomaly Detection button to enable the tool.
  • Log into the Constellix Analytics dashboard.
    1. From this dashboard screen, click on the plus icon next to the domain. 

Both of these navigation paths lead to the Anomaly Detection page. Once there, follow the steps below to enable the tool.


  1. On the Anomaly Detection Page, proceed with the following steps:
    1. In the Manage Scheduled Anomaly Detections section, select the domains which will have RTTAD enabled.
    2. In the description section, select the aggregation preference using the dropdown box. 
      1. Aggregated to world - this selection bases the anomalies on the sum of the domain's traffic from around the world. This option is recommended for domains that receive five billion or fewer queries per month.
      2. Aggregated to region - this selection bases the anomalies on the sum of the domain's traffic for a specific region. This option is recommended for domains that receive above five billion 
      3. Aggregated to city - this selection bases the anomalies on the sum of the domain's traffic for a specific city, which gathers information from each point of presence (PoP) from around the world.

        NOTE: Billing is dependent on the type of monitoring aggregation selected. 
    3. Click on Save.
    4. Optionally, you can click on the Save All button to save changes to any or all selected domains.
  2. Verify Anomaly Detection is now enabled from the Domain page of the dashboard with the following two changes indicated:
    1. Anomaly Detection On will appear in green.
    2. The Activate Anomaly Detection button will change to a Manage Anomaly Detection button. 
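
Why the aggregation preference chosen above matters, as an added example (not Constellix code): the page does not describe RTTAD's model, so a simple mean and standard-deviation baseline stands in for it, and the regions, cities and query counts are constructed. A surge confined to one city is flagged at city and region level but is diluted below the threshold in the world sum.

```python
from collections import defaultdict
from statistics import mean, stdev

# Constructed sample data: queries per hour keyed by (region, city).
# 24 hours of history plus the current hour; all values are illustrative.
HISTORY = {
    ("EU", "Frankfurt"): [1000 + (h % 6) * 10 for h in range(24)],
    ("EU", "London"): [1200 + (h % 5) * 12 for h in range(24)],
    ("NA", "New York"): [50000 + (h % 8) * 400 for h in range(24)],
    ("NA", "Dallas"): [42000 + (h % 7) * 350 for h in range(24)],
}
CURRENT = {
    ("EU", "Frankfurt"): 4000,  # constructed localized surge
    ("EU", "London"): 1210,
    ("NA", "New York"): 51000,
    ("NA", "Dallas"): 43000,
}

def group_key(level, region, city):
    """Map a (region, city) series to its bucket for the chosen aggregation."""
    return {"world": "world", "region": region, "city": f"{region}/{city}"}[level]

def aggregate(level):
    """Sum historical and current counts into buckets for one aggregation level."""
    hist = defaultdict(lambda: [0] * 24)
    cur = defaultdict(int)
    for (region, city), series in HISTORY.items():
        key = group_key(level, region, city)
        hist[key] = [a + b for a, b in zip(hist[key], series)]
        cur[key] += CURRENT[(region, city)]
    return hist, cur

def anomalies(level, threshold=3.0):
    """Return buckets whose current count is more than `threshold` sigmas from history.

    Stand-in baseline only: the real RTTAD model is not documented on this page.
    """
    hist, cur = aggregate(level)
    flagged = {}
    for key, series in hist.items():
        z = (cur[key] - mean(series)) / stdev(series)
        if abs(z) > threshold:
            flagged[key] = round(z, 1)
    return flagged

if __name__ == "__main__":
    for level in ("world", "region", "city"):
        print(level, anomalies(level))
```
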

Setup Demo Video

This setup demonstration video will facilitate enabling and managing RTTAD.


Manage RTTAD

To configure RTTAD for your environment, log into the Constellix dashboard. The following steps walk through setup from the DNS tab of the menu bar. Navigate to the domain's page via the DNS or Analytics tab.

Ensure Anomaly Detection is On and click on the Manage Anomaly Detection button.



NOTE: If Anomaly Detection is Off, follow the steps to enable RTTAD before proceeding with the management steps.


On the Anomaly Detection screen, the following management actions can be taken:

  • Add groups
  • Add contacts
  • Link notification groups for a domain


Notification Groups and Contacts

Contacts are groups or persons who will be notified upon a domain traffic anomaly. In order to add contacts, a group must be established first.


    Add Group

  1. Click on the Contacts button.

  2. Click on the Add Group button in the Manage Anomaly Contacts section.

  3. Click on the pencil icon to name the group.
  4. Enter the preferred name and press the ENTER key on your keyboard to populate the name. Click on Save to save the entered name.
  5. Created groups will populate in the left column below the Add Group button.

    Add Contacts

Once a group has been established, follow the steps below to add contacts to it. Multiple emails can be entered by repeating these steps.

  1. Click on the Add Contact button.

  2. Click on the Click to enter email contact field and fill it in with the email address.

  3. Click on the Save button.

    Note: Use live, working emails, not the example email used above. 

Set a Notification Group for a Domain 

The next step is to tie the groups to the RTTAD-enabled domain(s). Multiple groups can be added to receive alerts for the same domain. This allows different departments and/or team members to be notified in the event of an anomaly.


  1. Select the domains with RTTAD enabled that will notify this contact group in the event of an outage. 
  2. Click the Save button.

Anomaly Detection Notification

In the event an anomaly is detected, an email will be sent to the contacts that were added for the domain with related information. 

A graph is included showing when traffic went above or below the expected pattern, that is, the pattern the tool's machine learning had determined to be normal for the domain.


This information is mostly utilized to investigate where traffic is coming from (region, record name, etc.) via the Data Explorer. 



 



