In FortiSIEM, numPoints is a parameter used in rules and the profile database to ensure the reliability of statistical baselines and prevent anomalies from being falsely triggered due to insufficient data.
1. To prevent premature triggering of a rule before a baseline is set and becomes active.
numPoints ensures that a rule does not trigger until a sufficient number of data points are collected for the baseline.
Without enough data, the system may generate false positives due to the lack of a stable historical pattern.
2. To fetch only values from the profile database that have numPoints greater than a certain threshold.
When querying the profile database, numPoints acts as a filter to ensure that only data points meeting a minimum threshold are considered for analysis.
This prevents unreliable or insufficient historical data from affecting anomaly detection.
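The two uses above can be seen in a simplified model of a baseline rule. This is an added example, not FortiSIEM rule syntax or code from the product: the function names, the MIN_POINTS value, the 3-sigma condition and the sample data are all assumptions made for illustration.

```python
import statistics

MIN_POINTS = 10  # assumed threshold; in practice chosen per rule


def build_profile(samples):
    """Aggregate raw samples per key into avg / stddev / num_points rows."""
    return {
        key: {
            "avg": statistics.fmean(values),
            "stddev": statistics.pstdev(values),
            "num_points": len(values),
        }
        for key, values in samples.items()
    }


def mature_rows(profile, min_points=MIN_POINTS):
    """Use 2: fetch only profile rows backed by enough data points."""
    return {k: r for k, r in profile.items() if r["num_points"] >= min_points}


def evaluate(profile, key, current, min_points=MIN_POINTS, sigmas=3.0):
    """Use 1: the rule cannot fire until the baseline for this key is mature."""
    row = mature_rows(profile, min_points).get(key)
    if row is None:
        return "suppressed"  # no baseline yet, or too few points behind it
    if current > row["avg"] + sigmas * row["stddev"]:
        return "alert"
    return "normal"


# Constructed sample data: one host with history, one newly onboarded host.
SAMPLES = {
    "web01": [40, 42, 41, 39, 43, 40, 41, 42, 38, 44, 41, 40],  # 12 points
    "new-host": [5, 5],  # 2 points, so stddev is 0 and any rise looks anomalous
}
PROFILE = build_profile(SAMPLES)

if __name__ == "__main__":
    print(evaluate(PROFILE, "web01", 90))                   # mature baseline
    print(evaluate(PROFILE, "new-host", 6))                 # gated by MIN_POINTS
    print(evaluate(PROFILE, "new-host", 6, min_points=1))   # gate removed
```

With the gate removed, the two-sample baseline for new-host flags a change from 5 to 6 as an anomaly, which is the false positive the threshold is there to prevent.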