We have had an instance of a third party having an issue with their system that generated repeated traffic over and over: 17K, 5 times a second, constantly.
I can match the traffic in the log fairly easily.
How can I set up an alert for that to go to our application owner?
I can't figure out a way to do it other than a daily scheduled report which is not great.
A SIEM is your best bet at that point. While there are reporting functions on the device, a SIEM can do a lot better. Also, perhaps a zone protection or DoS policy could help out?
Hmm... SIEM is not implemented yet, although it's budgeted and we have gone through the entire selection process. It's just queued down the project list.
Will have to have a think.
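Until the SIEM lands, the rate-based alert the thread is after can be run as a scheduled script over exported traffic logs. This is an added example, not code from the thread or from the firewall vendor; the log line format (timestamp, source, destination, port, bytes) and the flow threshold are assumptions, and the sample log is constructed.

```python
"""Rate-based alert over exported firewall traffic log lines (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample: one source hitting the same destination 5 times per
# second for three consecutive seconds, plus unrelated background traffic.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:0{s},198.51.100.7,10.0.0.5,443,17408"
     for s in range(3) for _ in range(5)]
    + ["2024-05-01T10:00:01,203.0.113.9,10.0.0.5,443,1200",
       "2024-05-01T10:00:02,203.0.113.9,10.0.0.5,443,900"]
)

def parse_line(line):
    """Return (one-second bucket, src, dst, dport, bytes) for one assumed-format line."""
    ts, src, dst, dport, nbytes = line.strip().split(",")
    bucket = datetime.fromisoformat(ts).replace(microsecond=0)
    return bucket, src, dst, int(dport), int(nbytes)

def find_repeat_offenders(log_text, per_second=5, sustained_seconds=3):
    """Flag (src, dst, dport) flows that log `per_second` or more sessions in
    each of `sustained_seconds` consecutive one-second buckets."""
    counts = defaultdict(lambda: defaultdict(int))  # flow -> bucket -> sessions
    for line in log_text.splitlines():
        if not line.strip():
            continue
        bucket, src, dst, dport, _ = parse_line(line)
        counts[(src, dst, dport)][bucket] += 1
    alerts = []
    for flow, buckets in counts.items():
        hot = sorted(b for b, n in buckets.items() if n >= per_second)
        run, prev = 0, None
        for b in hot:  # count consecutive one-second buckets over threshold
            run = run + 1 if prev is not None and (b - prev).total_seconds() == 1 else 1
            prev = b
            if run >= sustained_seconds:
                alerts.append({"src": flow[0], "dst": flow[1], "dport": flow[2],
                               "first_seen": hot[0].isoformat(),
                               "sessions": sum(buckets.values())})
                break
    return alerts

def format_alert(alert):
    """Render one alert as a line suitable for mailing the application owner."""
    return (f"ALERT repeated traffic from {alert['src']} to {alert['dst']}:{alert['dport']} "
            f"starting {alert['first_seen']} ({alert['sessions']} sessions)")

if __name__ == "__main__":
    for a in find_repeat_offenders(SAMPLE_LOG):
        print(format_alert(a))
```

Run it from cron against each log export and pipe the output to mail; the thresholds are the knobs to tune so normal retry bursts do not page anyone.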