03-16-2016 10:41 AM
Hi expert,
My customers want to enable the following ISE Alarm.
They want to know more about the operation of the alarm.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/api_ref_guide/api_ref_book/ise_api_ref_ers2.html#pgfId-1115175
--------------------------------------------------
[Alarm Name]
· Excessive Authentication Attempts
· Excessive Failed Attempts
[Alarm Resolution]
Once the threshold is met, the Excessive Authentication Attempts and Excessive Failed Attempts alarms are triggered. The numbers displayed next to the Description column are the total number of authentications that are authenticated or failed against Cisco ISE in last 15 minutes.
If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
--------------------------------------------------
Their questions are the following.
Question:
Q1,
How it is measured for 15 minutes?
Are there a fixed interval of every 15 minutes?
Or measurement is started from when the first target is detected?
Q2
Is it immediately notified when the threshold is exceeded?
Is it related to something with the 15 minutes of Q1?
Q3
---------------------------------------------------
If the event re-occurs, then the same alarms are suppressed for a minimum duration of two hours. During the time that the event re-occurs, depending up on the trigger, it may take up to three hours for the alarms to re- appear.
---------------------------------------------------
How many times are “the event re-occurs”? Does it mean the 2nd time?
And they want to know the example of the above description.
When they enable the following Alarm, how will the behavior of the above?
· Excessive Authentication Attempts
· Excessive Failed Attempts
Regards,
03-25-2016 09:18 PM
I will do some research on this and respond offline.
10-11-2018 05:48 PM
Any answer to this?
I was reviewing alarms and am I getting it too even though I have had authentications in the last 2 minutes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide