Threat email alert throttling


We're set up to email threat alerts, and are getting an email for every alert generated.

Is there a way to throttle the emails? Particularly for a single threat that is blocked, we don't need 60 emails/min for all the blocks. It would suffice for the first 10 per 10 min interval. When you get the first 10 emails, you know someone is hammering your system. It suffices to know that in 10 min, they are still at it, if they would be...

Or is this more SIEM territory?

 

Thank you, Chris Klomp

 


@CHKlomp,

This is more of a SIEM function and isn't something you can natively limit on the firewall at all. Since your requirements sound relatively low if you are just looking for alert limiting, you could get away with installing Graylog on a machine you have lying around and using that if you don't already have a SIEM set up.

Thanks @BPry 

 

It's what I was suspecting. Just wanted to make sure I did not miss any options...
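The throttling rule from the question (first 10 emails per threat per 10-minute interval), as an added example that is not part of the original thread: a small filter that could sit between the alert source and the mailer. The class name, the alert key and the sample alerts are assumptions constructed for illustration, not any product's API or log format.

```python
from datetime import datetime, timedelta

LIMIT = 10                        # emails allowed per threat per interval (from the question)
WINDOW = timedelta(minutes=10)    # interval length (from the question)

class AlertThrottle:
    """Fixed-window limiter: forward the first `limit` alerts per key in each window."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.state = {}           # key -> (window_start, alerts_seen_in_window)

    def should_email(self, key, ts):
        """Return True if this alert should be mailed. Assumes non-decreasing timestamps."""
        start, seen = self.state.get(key, (None, 0))
        if start is None or ts - start >= self.window:
            start, seen = ts, 0   # first alert for this key, or the interval expired
        seen += 1
        self.state[key] = (start, seen)
        return seen <= self.limit

    def suppressed(self, key):
        """Alerts dropped for `key` in its current window (useful for a digest line)."""
        _, seen = self.state.get(key, (None, 0))
        return max(0, seen - self.limit)

def simulate():
    """Constructed input: 'threat-A' blocked once per second for 25 minutes
    (the 60 alerts/min case), plus a single 'threat-B' alert at 30 s."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    throttle = AlertThrottle()
    sent = []                     # (key, seconds since t0) for every alert that would be mailed
    for sec in range(25 * 60):
        ts = t0 + timedelta(seconds=sec)
        keys = ["threat-A"] + (["threat-B"] if sec == 30 else [])
        for key in keys:
            if throttle.should_email(key, ts):
                sent.append((key, sec))
    return sent, throttle

if __name__ == "__main__":
    sent, throttle = simulate()
    print(f"{len(sent)} emails instead of {25 * 60 + 1} alerts")
    print("still suppressed in current window:", throttle.suppressed("threat-A"))
```

Keying on the threat alone matches the question; keying on a (threat, source) pair instead would keep a second attacker from being hidden behind the first one's quota.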
