Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
1
Helpful
2
Replies

ISE Alarm

kaorito
Cisco Employee
Cisco Employee

‎03-16-2016 10:41 AM

Hi expert,

My customers want to enable the following ISE Alarm.
They want to know more about the operation of the alarm.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/api_ref_guide/api_ref_book/ise_api_ref_ers2.html#pgfId-1115175
--------------------------------------------------
[Alarm Name]
· Excessive Authentication Attempts
· Excessive Failed Attempts

[Alarm Resolution]
Once the threshold is met, the Excessive Authentication Attempts and Excessive Failed Attempts alarms are triggered. The numbers displayed next to the Description column are the total number of authentications that are authenticated or failed against Cisco ISE in last 15 minutes.
If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
--------------------------------------------------
Their questions are the following.

Question:
Q1,
How it is measured for 15 minutes?
Are there a fixed interval of every 15 minutes?
Or measurement is started from when the first target is detected?

Q2
Is it immediately notified when the threshold is exceeded?

Is it related to something with the 15 minutes of Q1?

Q3
---------------------------------------------------

If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
---------------------------------------------------

How many times are “the event re-occurs”? Does it mean the 2nd time?

And they want to know the example of the above description.

When they enable the following Alarm, how will the behavior of the above?

· Excessive Authentication Attempts
· Excessive Failed Attempts

Regards,

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎03-25-2016 09:18 PM

I will do some research on this and respond offline.

kevink707
Level 1
Level 1
In response to hslai

‎10-11-2018 05:48 PM

Any answer to this?

 

I was reviewing alarms and am I getting it too even though I have had authentications in the last 2 minutes.

0 Helpful
Customers Also Viewed These Support Documents