Threat email alert throttling

L1 Bithead

Threat email alert throttling

We're set up to email threat alerts, and are getting an email for every alert generated.

Is there a way to throttle the emails? Particularly for a single threat that is blocked, we don't need 60 emails/min for all the blocks. It would suffice for the first 10 per 10 min interval. When you get the first 10 emails, you know someone is hammering your system. It suffices to know that in 10 min, they are still at it, if they would be...

Or is this more SIEM territory?

 

Thank you, Chris Klomp

 

L7 Applicator

Re: Threat email alert throttling

@CHKlomp,

This is more of a SIEM function and isn't something you can natively limit on the firewall at all. Since your requirements sound relatively low if you are just looking for alert limiting, you could get away with installing Graylog on a machine you have lying around and using that if you don't already have a SIEM setup.
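
The throttling rule asked for in the question (mail the first 10 alerts per 10-minute interval for each threat, drop the rest), sketched as an added example; it is not part of the original thread and is not Graylog or firewall code. The event tuples, threat names and addresses are constructed, and keying the throttle on threat plus source address is an assumption.

```python
WINDOW_SECONDS = 600  # the 10-minute interval from the question
MAX_PER_WINDOW = 10   # mail only the first 10 alerts per interval


class AlertThrottle:
    """Fixed-window throttle, one window per alert key."""

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self._state = {}  # key -> [window_start, sent, suppressed]

    def check(self, key, ts):
        """Return (send?, alerts suppressed in the window that just closed)."""
        state = self._state.get(key)
        carried = 0
        if state is None or ts - state[0] >= self.window:
            # First alert for this key, or the old window expired: start anew
            # and carry the suppressed count into the next mail that goes out.
            carried = state[2] if state else 0
            state = self._state[key] = [ts, 0, 0]
        if state[1] < self.limit:
            state[1] += 1
            return True, carried
        state[2] += 1
        return False, carried


def mails_for(events):
    """Return the subject lines mailed for (ts, threat, src) events."""
    throttle, subjects = AlertThrottle(), []
    for ts, threat, src in sorted(events):
        send, carried = throttle.check((threat, src), ts)
        if send:
            note = f" ({carried} suppressed in previous interval)" if carried else ""
            subjects.append(f"[t={ts}] {threat} from {src}{note}")
    return subjects


# Constructed sample: one blocked threat firing once per second for 20 minutes
# (the 60 alerts/min case from the question), plus a quiet second threat.
SAMPLE = [(t, "Constructed-Threat-A", "203.0.113.10") for t in range(1200)]
SAMPLE += [(t, "Constructed-Threat-B", "198.51.100.7") for t in (30, 31, 700)]

if __name__ == "__main__":
    out = mails_for(SAMPLE)
    print(len(out), "mails instead of", len(SAMPLE))
    for line in out:
        print(line)
```

The first mail of each new interval carries the count suppressed in the previous one, so the recipient can see that the source is still at it and at what volume.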

L1 Bithead

Re: Threat email alert throttling

Thanks @BPry 

 

It's what I was suspecting. Just wanted to make sure I did not miss any options...
