03-21-2014 11:10 AM
Hi Everyone,
After firing up my new Palo Alto IDS, I turned on the ability to send emails for medium, high and critical threats. However, when hundreds of threats are detected in a short window, I get hundreds of emails. All of them are about the same event (a brute force event in this case). Is there a way to configure alerting so that a specific threat only sends an email every so often? Eventually I would like these types of alerts to generate an email to my ticketing system, but the last thing I want is 900 tickets for what turns out to be one thing I need to investigate.
Thanks in advance,
BB
03-24-2014 08:46 PM
Hello,
Email alerts can only be triggered on a severity (low, medium, high and critical) basis. It is not provisioned on the PA to send an email alert for specific threats. This will have to go down as a feature request which can be filed by your Sales Engineer.
It would be better if email alerts are used only for critical and high severity threats, as too many alerts can be irritating sometimes.
Hope this helps.
Thanks
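One way to get the once-per-interval behaviour asked about above, done outside the firewall: an added example, not from this thread or from Palo Alto Networks, that assumes threat events are forwarded to a script as records. The field names (`time`, `threat`, `severity`, `src`, `dst`), the 900-second window and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field

ALERT_SEVERITIES = {"medium", "high", "critical"}  # severities the poster emails on

@dataclass
class Throttle:
    window: int = 900                      # seconds between emails per key (assumed)
    key_fields: tuple = ("threat", "dst")  # hypothetical field names
    state: dict = field(default_factory=dict)  # key -> [last_sent_time, suppressed]

    def offer(self, event):
        """Return a notification dict if this event should send mail, else None."""
        if event["severity"] not in ALERT_SEVERITIES:
            return None
        key = tuple(event[f] for f in self.key_fields)
        entry = self.state.get(key)
        if entry is not None and event["time"] - entry[0] < self.window:
            entry[1] += 1                  # same threat inside the window: count only
            return None
        suppressed = entry[1] if entry else 0
        self.state[key] = [event["time"], 0]
        return {"key": key, "time": event["time"], "suppressed_since_last": suppressed}

def run(events, window=900):
    """Feed time-ordered events through a fresh Throttle; return what would be sent."""
    throttle = Throttle(window=window)
    return [n for n in map(throttle.offer, events) if n is not None]

def sample_events():
    """Constructed data: one brute-force burst, one unrelated threat, one low event."""
    burst = [{"time": t, "threat": "ssh-brute-force", "severity": "high",
              "src": f"198.51.100.{t % 250 + 1}", "dst": "10.0.0.5"} for t in range(900)]
    late = {"time": 1000, "threat": "ssh-brute-force", "severity": "high",
            "src": "198.51.100.7", "dst": "10.0.0.5"}
    other = {"time": 10, "threat": "sql-injection", "severity": "critical",
             "src": "203.0.113.9", "dst": "10.0.0.8"}
    low = {"time": 20, "threat": "port-scan", "severity": "low",
           "src": "203.0.113.4", "dst": "10.0.0.5"}
    return sorted(burst + [late, other, low], key=lambda e: e["time"])

if __name__ == "__main__":
    for note in run(sample_events()):
        print(note)
```

Each notification carries the number of events suppressed since the previous email for that key, so a ticket opened from it still shows the size of the burst.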
03-24-2014 08:49 PM
Also, some of these earlier discussions might be of help to you: