The detection engine uses auto-configuration based on basic network information provided in a step-by-step wizard. Auto-configuration tunes the off-the-shelf methods, with calibration following deployment, to ensure zero false positives.
Should you wish to define your own detection methods, you can use our concept of user-defined patterns, each specified by a simple, SQL-like query.
Integrate Flowmon, through customer scripts, with an infinite variety of network equipment capable of responding to an incident. For example, on detecting communication with a botnet C&C server, Flowmon automatically triggers a script that connects to a firewall and creates a rule to block this communication in real time.
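
The response script described above, sketched as an added example (not Flowmon's own code): it validates the event and builds the blocking rule, leaving delivery to the firewall to the deployment. It assumes the event arrives as JSON on standard input with hypothetical fields `event_type` and `cc_server`, and that the firewall runs nftables with an existing `inet filter` table and `forward` chain; the protected ranges are constructed.

```python
import ipaddress
import json
import sys

# Constructed values: ranges an automated rule must never block
# (internal networks plus a made-up public range owned by the organisation).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "198.51.100.0/24", "fc00::/7", "::1/128")]

def build_block_command(event_json):
    """Return an nft argv list dropping traffic to the reported C&C address,
    or None when the event must not result in a firewall rule."""
    try:
        event = json.loads(event_json)
        # "event_type" and "cc_server" are hypothetical field names.
        target = event["cc_server"]
        if event.get("event_type") != "BOTNET_CC" or not isinstance(target, str):
            return None
        addr = ipaddress.ip_address(target)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed input never reaches the firewall
    if addr.is_unspecified or addr.is_multicast or addr.is_link_local:
        return None
    if any(addr in net for net in PROTECTED):
        return None  # refuse to cut off our own infrastructure
    family = "ip" if addr.version == 4 else "ip6"
    # Assumes an existing nftables table "inet filter" with a "forward" chain.
    return ["nft", "add", "rule", "inet", "filter", "forward",
            family, "daddr", str(addr), "counter", "drop"]

if __name__ == "__main__":
    cmd = build_block_command(sys.stdin.read())
    if cmd is None:
        sys.exit("event rejected, no rule created")
    print(" ".join(cmd))  # dry run: print the rule instead of executing it
```

Returning an argument list rather than a shell string keeps the detected address from ever being interpreted by a shell when the rule is eventually executed.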