Mountains

image

A mountain pattern is when each subsequent monitoring of an outbound spam problem is worse than the previous time. It looks like you are climbing a mountain. Once a threshold is crossed, an alert is generated.

Mountains generate the most obvious tells that a problem is occurring. If the amount of outbound spam keeps going up compared to the previous runs then it is more than just random noise. It is clearly indicative of a compromised user. In the diagrams that follow, the red line indicates the threshold that must be exceeded to indicate that there is a problem.

 

image

Roller Coaster Drops

image Roller coaster drops are the opposite of a mountain, each subsequent measurement is smaller than the previous run. Roller coaster drops are the only patterns that generate no alerts. Typically, they indicate that a problem has been fixed.

image