We're set up to email threat alerts, and are getting an email for every alert generated.
Is there a way to throttle the emails? Particularly for a single threat that is blocked, we don't need 60 emails/min for all the blocks. It would suffice for the first 10 per 10 min interval. When you get the first 10 emails, you know someone is hammering your system. It suffices to know that in 10 min, they are still at it, if they would be...
Or is this more SIEM territory?
Thank you, Chris Klomp
This is more of a SIEM function and isn't something you can natively limit on the firewall at all. Since your requirements sound relatively low if you are just looking for alert limiting, you could get away with installing Graylog on a machine you have lying around and using that if you don't already have a SIEM setup.
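
The limit asked for in the question (only the first 10 alerts per 10 minute interval for a single threat get emailed), sketched as an added example that is not part of the original thread and is not firewall or Graylog configuration. The throttle key (threat name plus source IP), the class and function names, and the sample alert stream are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WINDOW_SECONDS = 600   # the 10 min interval from the question
MAX_PER_WINDOW = 10    # first 10 alerts per interval are emailed


@dataclass
class _Bucket:
    window_start: float
    sent: int = 0
    suppressed: int = 0


class AlertThrottle:
    """Fixed-window limiter, one window per throttle key (hypothetical helper)."""

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.buckets = {}  # key -> _Bucket; evict idle keys in long-running use

    def check(self, key, ts):
        """Return (send_email, alerts_suppressed_in_previous_window)."""
        bucket = self.buckets.get(key)
        carried = 0
        if bucket is None or ts - bucket.window_start >= self.window:
            # New interval: report how many alerts the last one swallowed,
            # so the next email can say "still at it, N more blocks".
            carried = bucket.suppressed if bucket else 0
            bucket = self.buckets[key] = _Bucket(window_start=ts)
        if bucket.sent < self.limit:
            bucket.sent += 1
            return True, carried
        bucket.suppressed += 1
        return False, 0


def simulate(rate_per_min=60, minutes=25, key=("threat-A", "198.51.100.7")):
    """Constructed input: one blocked threat alerting at a steady rate."""
    throttle = AlertThrottle()
    emails = []
    step = 60.0 / rate_per_min
    for i in range(rate_per_min * minutes):
        ts = i * step
        send, carried = throttle.check(key, ts)
        if send:
            emails.append((ts, carried))
    return emails


if __name__ == "__main__":
    for ts, carried in simulate():
        print(f"t={ts:7.1f}s  email sent  (suppressed last window: {carried})")
```

Because each key has its own window, a second threat or source still produces its own first 10 emails while the noisy one is being suppressed.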