See Sig. ID 5930/0 in IME in Event Monitoring as an example.
If the Alert Frequency, Summary mode of an IPS signature is set to Summarize with a value of 15, does this mean that all 15 hits receive the stated Action Taken (eg. dropped packet, deniedFlow, tcpOneWayResetSent) as in the first alert triggered.
Is it true that the display of 'port 0' in the next triggered event represents the following 14 events which also experience the same action taken as the first, but the Actions Taken words (dropped packet, deniedFlow, tcpOneWayResetSent) are not displayed (ie. the field is blank).
Can someone clear this up for me?
Thanks.
WG