After firing up my new Palo Alto IDS, I turned on the ability to send emails for medium, high and critical threats. However, when hundreds of threats are detected in a short window, I get hundreds of emails. All of them are about the same event (a brute force event in this case). Is there a way to configure alerting so that a specific threat only sends an email every so often? Eventually I would like these types of alerts to generate an email to my ticketing system, but the last thing I want is 900 tickets for what turns out to be one thing I need to investigate.
Thanks in advance,
Email alerts can only be triggered on a severity (low, medium, high and critical) basis. It is not provisioned on the PA to send an email alert for specific threats. This will have to go down as a feature request, which can be filed by your Sales Engineer.
It would be better if email alerts are used only for critical and high severity threats, as too many alerts can be irritating sometimes.
Hope this helps.