Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
0
Helpful
1
Replies

source port 0 with Summarize set to 15

wgorman
Level 1
Level 1

‎10-02-2013 11:32 AM - edited ‎03-10-2019 06:03 AM

See Sig. ID 5930/0 in IME in Event Monitoring as an example.

If the Alert Frequency, Summary mode of an IPS signature is set to Summarize with a value of 15, does this mean that all 15 hits receive the stated Action Taken (eg. dropped packet, deniedFlow, tcpOneWayResetSent) as in the first alert triggered.

Is it true that the display of 'port 0' in the next triggered event represents the following 14 events which also experience the same action taken as the first, but the Actions Taken words (dropped packet, deniedFlow, tcpOneWayResetSent) are not displayed (ie. the field is blank).

Can someone clear this up for me?

Thanks.

WG

Labels:
0 Helpful
1 Reply 1

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎10-02-2013 12:24 PM

Hi,

Yes, actually what will happen is that after X amount of events (times triggered the signature) on an X amount of time you will see an event generated.

The action will be the same for all events (times triggered the signature) but message will only display after X amount of events

http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html#wp1040171

HTH

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card