02-12-2017 02:51 PM
Hi Team,
We are receiving critical Alert in the FMC related to INTRUSION AND FILE EVENT RATE ALERT. And the in the Description Events per second is 58.524. Is it because of more Intrusion and File Attacks Detected. How to check this details. ? Kindly request your assistance on this.
Thanks,
-Vishnu
Solved! Go to Solution.
05-24-2017 01:05 PM
Hello Vishu,
for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.
Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.
Best regards,
Veronika
05-24-2017 01:05 PM
Hello Vishu,
for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.
Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.
Best regards,
Veronika
03-26-2018 11:36 PM
Hi
Is any Impact on device or services by this ?
On my environment its goes to 150-200.
05-27-2017 03:20 PM
Thanks Veronica..
-Vishnu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide