Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5209
Views
5
Helpful
3
Replies

Cisco Sourcefire Intrusion and File event Rate Alert

Go to solution
Vishnu Ravindranath
Level 1
Level 1

‎02-12-2017 02:51 PM

Hi Team,

 

We are receiving critical Alert in the FMC related to INTRUSION AND FILE EVENT RATE ALERT. And the in the Description Events per second is 58.524. Is it because of more Intrusion and File Attacks Detected. How to check this details. ? Kindly request your assistance on this.

 

Thanks,

-Vishnu

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Veronika Klauzova
Cisco Employee
Cisco Employee

‎05-24-2017 01:05 PM

Hello Vishu,

for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.

Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.

Best regards,

Veronika

View solution in original post

3 Replies 3

Go to solution
Veronika Klauzova
Cisco Employee
Cisco Employee

‎05-24-2017 01:05 PM

Hello Vishu,

for example you can investigate Summary Dashboard after "Intrusion and file event rate" alert is seen on FMC appliance. You will be able to see number of total amount of IPS events, potential spikes with IPS event rates, Top targets and when you click on the graph data you will be redirected to the IPS events that trigger that time to get more details along with specific timestamp.

Critical alert will be seen anytime appliance see over 50 IPS/file events per second, if those events are expected in your network environment you can adjust this value in health policy to higher number.

Best regards,

Veronika

Go to solution
rockey
Level 1
Level 1
In response to Veronika Klauzova

‎03-26-2018 11:36 PM

Hi

Is any Impact on device or services by this ?

On my environment its goes to 150-200.

 

 

0 Helpful

Go to solution
Vishnu Ravindranath
Level 1
Level 1

‎05-27-2017 03:20 PM

Thanks Veronica..

-Vishnu

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card