AppResponse11 & NetProfiler: How to use AR11 and NetProfiler to detect IP Traffic from specific countries?

Solution Number:
S35800
Last Modified:
2022-03-11
Issue
How to set up monitors at the port level with AppResponse and NetProfiler to identify all the traffic coming from a specific country, e.g., Russia?
Solution

Approach

  • First, we need the CIDR blocks for the country we want to monitor. For example, we can break them up into a dozen Host Groups; see the attached Russian Federation files as examples for AppResponse and NetProfiler.
    • AppResponse: download the attached file using the "save link as" option and convert it to CSV format (e.g., open it in Excel and save it with a .csv extension). Once you have the CSV file, import it from the Host Group section.

    • NetProfiler: download the attached file using the "save link as" option. Once you have the TXT file, copy the CIDRs and paste them under Manage Host Group Types-->ByLocation.

  • Second, after importing the CIDRs into the AppResponse or NetProfiler host group, we can create the corresponding dashboards and alert configurations. We can then monitor the traffic, identify common patterns, and recognize and alert on rogue behavior.
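The preparation step above (clean up a downloaded CIDR list, split it into a dozen host groups, and produce the CSV for AppResponse and the one-per-line text for NetProfiler) as an added Python example; it is not part of the article or a Riverbed tool. The sample CIDRs are constructed RFC 5737 documentation ranges, and the two-column CSV layout (group name, CIDR) and the group naming scheme are assumptions to be checked against the AppResponse host group import template.

```python
import csv
import io
import ipaddress

# Constructed sample standing in for a country's CIDR list (RFC 5737
# documentation ranges, not real allocations); the last line is deliberate junk.
SAMPLE_CIDRS = """
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
203.0.113.0/24
203.0.113.0/26
not-a-cidr
"""

def normalize_cidrs(text):
    """Parse one CIDR per line, skip malformed lines, merge overlapping/adjacent blocks."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # skip rather than import a broken host group entry
    v4 = [n for n in nets if n.version == 4]  # IPv4 only in this example
    return sorted(ipaddress.collapse_addresses(v4))

def split_into_groups(nets, prefix, groups=12):
    """Deal blocks round-robin into groups named <prefix>-01.. so each stays small."""
    out = {}
    for i, net in enumerate(nets):
        name = f"{prefix}-{i % groups + 1:02d}"
        out.setdefault(name, []).append(str(net))
    return out

def to_csv(groups):
    """'group name,cidr' rows; the column layout is an assumption, so check it
    against the AppResponse host group import template before importing."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    for name in sorted(groups):
        for cidr in groups[name]:
            writer.writerow([name, cidr])
    return buf.getvalue()

def to_txt(nets):
    """One CIDR per line, ready to paste into NetProfiler's ByLocation type."""
    return "\n".join(str(n) for n in nets)
```

Merging overlapping blocks before import matters: duplicate or nested entries inflate the host group without adding coverage and make the dashboards harder to read.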

Methodologies

  • Network Monitoring receives traffic information from any source and assigns it to a "host group." Network Monitoring aggregates, de-duplicates, and processes traffic data to prepare it for network behavior analysis, and builds profiles of typical network behavior for specified times.
  • Event Detection implies analyzing compliance with service policies, performance and availability policies, security policies, and user-defined policies. Event detection assigns to each security-policy-violation event a severity rating number based on the likelihood of a threat to network performance, availability, or security.
  • Alert Generation checks the severity of each network event against a set of user-defined tolerance levels or alerting thresholds. When the severity of an event exceeds a tolerance or alerting threshold, the system alerts users to the event's existence by indicating an alert condition and displaying information about the event.
  • Notification capability automatically sends email-alert messages to designated recipients. Notification capability also allows sending SNMP messages to security or operations management systems.
  • Event Reporting saves details of all events that trigger alerts. Event detail reports can be viewed on the user interface or retrieved by remote management systems for analysis.

Example of configuring a host group in AppResponse

Example of traffic dashboards in NetProfiler