Threshold Rule

For a threshold rule, you can choose between two options: the count threshold rule and the sum threshold rule.

Count Threshold Rule

In a count threshold rule, you fill in the related fields.

The only difference between the count threshold rule and the sum threshold rule relates to the database field, which is shown below.

A count threshold rule triggers when a specified number of similar events occur.

Sum Threshold Rule

Example of a threshold rule:

Attack on the firewall from different sources

15 attack packets are directed to the firewall from different destination machines to the same source machine in one minute.

  • Select the log fields (each log type has its own fields)
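The count threshold logic from the example above, written out as an added Python example that is not part of the original page or of the product: it counts matching events per group in a sliding one-minute window and alerts at 15. The field names (`event`, `src_ip`, `dst_ip`), the choice to group on `dst_ip`, the re-arm behaviour after an alert, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def count_threshold(events, match, group_by, threshold=15,
                    window=timedelta(minutes=1)):
    """Alert each time `threshold` matching events that share the same
    `group_by` value fall inside one sliding `window`."""
    recent = defaultdict(deque)  # group value -> timestamps still in the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not match(ev):
            continue
        q = recent[ev[group_by]]
        q.append(ev["time"])
        # Evict timestamps a full window (or more) older than this event.
        while ev["time"] - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"group": ev[group_by], "count": len(q),
                           "first": q[0], "last": ev["time"]})
            q.clear()  # re-arm: the next alert needs a fresh set of events
    return alerts


def sample_events():
    """Constructed firewall records using documentation address ranges."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)

    def rec(offset, event, src, dst):
        return {"time": t0 + timedelta(seconds=offset), "event": event,
                "src_ip": src, "dst_ip": dst}

    # 15 attack events within 42 seconds against one address: alerts.
    burst = [rec(3 * i, "attack", f"198.51.100.{i + 1}", "192.0.2.10")
             for i in range(15)]
    # 15 attack events spread over 70 seconds: never 15 inside one minute.
    slow = [rec(5 * i, "attack", f"203.0.113.{i + 1}", "192.0.2.20")
            for i in range(15)]
    # Events that do not match the rule's filter are ignored.
    noise = [rec(i, "allow", "198.51.100.200", "192.0.2.10")
             for i in range(30)]
    return burst + slow + noise


if __name__ == "__main__":
    is_attack = lambda e: e["event"] == "attack"
    for alert in count_threshold(sample_events(), is_attack, "dst_ip"):
        print(alert)
```

Only the 42-second burst raises an alert. The same 15 events spread over 70 seconds stay below the threshold because the oldest ones leave the window before the fifteenth arrives.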
