Anomaly detection is pitched as technology that learns your environment as a baseline reference, so that “unusual” traffic is flagged for alert.
This saves the effort of defining detection rulesets, but vendors always stress a short learning time (even just 1 or 2 weeks) to win the deployment as a quick win that demonstrates ROI.
Sometimes network traffic or application behavior is seasonal because of business operations. As always, therefore, recurring maintenance effort is required to sustain the detection's effectiveness, and don’t be swayed by vendor claims of zero deployment and zero maintenance.
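The effect of a short learning period on seasonal traffic can be shown with a small simulation; this is an added example, not code from any vendor product. The 30-day cycle with a month-end batch, the traffic volumes, the 3-sigma threshold and the 5% spread floor are all assumptions made for the illustration.

```python
import statistics

def season_key(day):
    # Assumed seasonality: a 30-day "month" with a month-end batch, plus weekends.
    if day % 30 == 29:
        return "month_end"
    return "weekend" if day % 7 in (5, 6) else "weekday"

def synth_traffic(days):
    # Constructed daily volume in GB, with a small deterministic jitter of -5..+5.
    level = {"weekday": 100, "weekend": 40, "month_end": 300}
    return [level[season_key(d)] + (d * 7 % 11) - 5 for d in range(days)]

def baseline_stats(values):
    mean = statistics.mean(values)
    # Floor the spread at 5% of the mean so a very regular bucket is not over-sensitive.
    return mean, max(statistics.stdev(values), 0.05 * mean)

def learn(series, start, end):
    # Build a global baseline and one baseline per season bucket from the learning window.
    buckets = {}
    for d in range(start, end):
        buckets.setdefault(season_key(d), []).append(series[d])
    model = {k: baseline_stats(v) for k, v in buckets.items() if len(v) >= 2}
    model["global"] = baseline_stats(series[start:end])
    return model

def is_anomalous(model, day, value, k=3.0):
    # A season never seen during learning falls back to the global baseline.
    mean, std = model.get(season_key(day), model["global"])
    return abs(value - mean) > k * std

def alerts(model, series, start, end):
    return [d for d in range(start, end) if is_anomalous(model, d, series[d])]

if __name__ == "__main__":
    traffic = synth_traffic(120)
    short = learn(traffic, 0, 14)    # two-week learning period, no month-end seen
    longer = learn(traffic, 0, 90)   # three full business cycles
    print("2-week baseline alerts, days 90-119:", alerts(short, traffic, 90, 120))
    print("90-day baseline alerts, days 90-119:", alerts(longer, traffic, 90, 120))
    print("weekday spike to 300 GB flagged:", is_anomalous(longer, 100, 300))
```

The two-week baseline raises a false alert on the routine month-end batch, while the longer baseline accepts it and still flags the same volume on an ordinary weekday.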