02-12-2017 02:51 PM
Hi Team,
We are receiving critical Alert in the FMC related to INTRUSION AND FILE EVENT RATE ALERT. And the in the Description Events per second is 58.524. Is it because of more Intrusion and File Attacks Detected. How to check this details. ? Kindly request your assistance on this.
Thanks,
-Vishnu
Solved! Go to Solution.
05-24-2017 01:05 PM
Hello Vishu,
for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.
Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.
Best regards,
Veronika
05-24-2017 01:05 PM
Hello Vishu,
for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.
Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.
Best regards,
Veronika
03-26-2018 11:36 PM
Hi
Is any Impact on device or services by this ?
On my environment its goes to 150-200.
05-27-2017 03:20 PM
Thanks Veronica..
-Vishnu
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: