topic Re: Threat email alert throttling in General Topics

Threat email alert throttling

CHKlomp — Mon, 16 Sep 2019 22:10:00 GMT

We're setup to email threat alerts, and are getting an email for every alert generated.

Is there a way to throuttle the emails? Particularly for a single threat that is blocked, we don't need 60 emails/min for all the blocks. It would suffice for the first 10 per 10 min interval. When you get the first 10 emails, you know someone is hammering your system. It suffices to know that in 10 min, they are still at it, if they would be...

Or is this more SIEM territory?

Thank you, Chris Klomp

Re: Threat email alert throttling

BPry — Tue, 17 Sep 2019 02:39:48 GMT

@CHKlomp,

This is more of a SIEM function and isn't something you can natively limit on the firewall at all. Since your requirements sound relatively low if you are just looking for alert limiting, you could get away with installing Graylog on a machine you have laying around using that if you don't already have a SIEM setup.

Re: Threat email alert throttling

CHKlomp — Tue, 17 Sep 2019 17:14:38 GMT

Thanks @BPry

It's what I was suspecting. Just wanted to make sure I did not miss any options...