Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
2
Replies

fire once summary mode question

mhellman
Level 7
Level 7

‎07-07-2006 07:26 AM - edited ‎03-10-2019 03:05 AM

let's say I have signature with the following characteristics:

Event Counter

-------------

Event Count: 1

Event Count Key: Attacker and Victim addresses

Specifiy Alert Interval: No

Alert Frequency

---------------

Summary Mode: Fire Once

Summary Key: attacker and victim addresses

Specify Global Summary Threshold: No

Obviously, it will alarm for the first event, but what about subsequent events? Testing reveals that it does eventually generate more alarms...but how much time much pass?

Labels:
0 Helpful
2 Replies 2

craig.lepchenske
Level 1
Level 1

‎07-09-2006 12:35 AM

The amount of time is indicated by the Summary Interval (Time in seconds used in each summary alert).

I think by default, signatures are set to 15 seconds.

0 Helpful

mhellman
Level 7
Level 7
In response to craig.lepchenske

‎07-10-2006 07:53 AM

AFAICT, there is no summary interval for the "fire once" summary mode. It is not exposed to the user for viewing/modification anyway. 15 seconds doesn't seem likely given the testing I did. It was ~2 minutes that a new alarm would fire.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card