https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647113#M87937 <HTML><HEAD></HEAD><BODY><P>mm .. good that you mentioned because the decription on the CCSP book is not very clear </P><P></P><P></P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Wed, 27 Dec 2006 01:37:19 GMT Fernando_Meza 2006-12-27T01:37:19Z https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647110#M87934 <P>hi all i have a little confusion abt the event count parameter in the signatures. </P><P></P><P>i am not sure whether this parameter is for firing the signatures or for writing the events to the event store. </P><P></P><P>by default the event count is set to 1. </P><P></P><P>if i set the event count to 5 for a particular signature. </P><P></P><P>say for icmp echo request. if i set the signature event count to 5 within 10 seconds interval. and the signature action is to deny the packet inline. </P><P></P><P>then when the first icmp echo request is send will the signature be fired i mean will the packet be dropped. </P><P></P><P>or the packet will be dropped only if 5 icmp echo requests are send within 10 seconds. </P><P></P><P>can someone pls clear my doubt. </P><P></P><P>regards</P><P></P><P>sebastan</P><P></P> Sun, 10 Mar 2019 10:23:53 GMT https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647110#M87934 sebastan_bach 2019-03-10T10:23:53Z https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647111#M87935 <HTML><HEAD></HEAD><BODY><P>Hi Sebastian ..</P><P></P><P>I have answered your question on the Firewalling area .. </P><P></P><P>"Hi ..</P><P></P><P>The signature will perform the action specified on the signature .. the count event is to control the ammount of alerts you received .. in your case you will receive one alert everytime the signature fires 5 times within 10 seconds.</P><P></P><P>I hope it helps .. please rate if it it does !!! "</P><P></P><P></P></BODY></HTML> Mon, 25 Dec 2006 20:40:49 GMT https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647111#M87935 Fernando_Meza 2006-12-25T20:40:49Z https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647112#M87936 <HTML><HEAD></HEAD><BODY><P>hi buddy thanks for ur reply. but i would like to correct u . the event count value is not for controlling the alerts on the ips. </P><P></P><P>it;s basically specifies the number of times the event has to occur for the signature to trigger. </P><P></P><P>i modified the icmp echo request signature. and set the event count to 6 and the signature action to produce alert. </P><P></P><P>now if i send 5 icmp echo request the signature doesn;t get fired nor the event is written to the event store. </P><P></P><P>regards</P><P></P><P>sebastan</P></BODY></HTML> Tue, 26 Dec 2006 15:53:03 GMT https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647112#M87936 sebastan_bach 2006-12-26T15:53:03Z https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647113#M87937 <HTML><HEAD></HEAD><BODY><P>mm .. good that you mentioned because the decription on the CCSP book is not very clear </P><P></P><P></P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Wed, 27 Dec 2006 01:37:19 GMT https://community.cisco.com/t5/network-security/help-need-on-the-event-count-parameter-of-signatures/m-p/647113#M87937 Fernando_Meza 2006-12-27T01:37:19Z