Nowdays, implement intrusion detection solutions in network environments is always more important. One way, is by using an anomaly detection approach, which relies on the concept of anomaly as deviation from the "normal" behaviour. Traditional anomaly detection systems aim to detect any deviation in the traffic, while in this work we want to focus only on the most relevant ones. Moreover, some anomaly detection techniques could fail in cases like ports with a highly day-night effect in the traffic trend. So the proposed framework aims, in an automated way, to extract, aggregate and visualize meaningful features useful to spot anomalies inside big amount of data.