Gold

fire once summary mode question

Let's say I have a signature with the following characteristics:

Event Counter

-------------

Event Count: 1

Event Count Key: Attacker and Victim addresses

Specify Alert Interval: No

Alert Frequency

---------------

Summary Mode: Fire Once

Summary Key: attacker and victim addresses

Specify Global Summary Threshold: No

Obviously, it will alarm for the first event, but what about subsequent events? Testing reveals that it does eventually generate more alarms... but how much time must pass?

2 REPLIES
New Member

Re: fire once summary mode question

The amount of time is indicated by the Summary Interval (Time in seconds used in each summary alert).

I think by default, signatures are set to 15 seconds.

Gold

Re: fire once summary mode question

AFAICT, there is no summary interval for the "fire once" summary mode. It is not exposed to the user for viewing/modification anyway. 15 seconds doesn't seem likely given the testing I did. It was ~2 minutes that a new alarm would fire.
