Botnet Configuration Settings
Enable and define the Count for each type of HTTP Traffic that the report will include. The Count values you enter are the minimum number of events of each traffic type that must occur for the report to list the associated host with a higher confidence score (higher likelihood of botnet infection). If the number of events is less than the Count, the report will display the lower confidence score or (for certain traffic types) won’t display an entry for the host.
Define the thresholds that determine whether the report will include traffic associated with suspicious Unknown TCP or Unknown UDP applications.
Select this option to include traffic involving IRC servers.