https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530253#M98390 <P>let's say I have signature with the following characteristics:</P><P></P><P>Event Counter</P><P>-------------</P><P>Event Count: 1</P><P>Event Count Key: Attacker and Victim addresses</P><P>Specifiy Alert Interval: No</P><P></P><P>Alert Frequency</P><P>---------------</P><P>Summary Mode: Fire Once</P><P>Summary Key: attacker and victim addresses</P><P>Specify Global Summary Threshold: No</P><P></P><P>Obviously, it will alarm for the first event, but what about subsequent events? Testing reveals that it does eventually generate more alarms...but how much time much pass?</P> Sun, 10 Mar 2019 10:05:15 GMT mhellman 2019-03-10T10:05:15Z https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530253#M98390 <P>let's say I have signature with the following characteristics:</P><P></P><P>Event Counter</P><P>-------------</P><P>Event Count: 1</P><P>Event Count Key: Attacker and Victim addresses</P><P>Specifiy Alert Interval: No</P><P></P><P>Alert Frequency</P><P>---------------</P><P>Summary Mode: Fire Once</P><P>Summary Key: attacker and victim addresses</P><P>Specify Global Summary Threshold: No</P><P></P><P>Obviously, it will alarm for the first event, but what about subsequent events? Testing reveals that it does eventually generate more alarms...but how much time much pass?</P> Sun, 10 Mar 2019 10:05:15 GMT https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530253#M98390 mhellman 2019-03-10T10:05:15Z https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530254#M98391 <HTML><HEAD></HEAD><BODY><P>The amount of time is indicated by the Summary Interval (Time in seconds used in each summary alert).</P><P></P><P>I think by default, signatures are set to 15 seconds.</P></BODY></HTML> Sun, 09 Jul 2006 07:35:25 GMT https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530254#M98391 craig.lepchenske 2006-07-09T07:35:25Z https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530255#M98392 <HTML><HEAD></HEAD><BODY><P>AFAICT, there is no summary interval for the "fire once" summary mode. It is not exposed to the user for viewing/modification anyway. 15 seconds doesn't seem likely given the testing I did. It was ~2 minutes that a new alarm would fire.</P></BODY></HTML> Mon, 10 Jul 2006 14:53:13 GMT https://community.cisco.com/t5/network-security/fire-once-summary-mode-question/m-p/530255#M98392 mhellman 2006-07-10T14:53:13Z