I would like to create a rule that will page and email administrators of events such as what you see in the picture.
I had my team perform an ethical hack on a customer's perimeter gateway and watched what MARS would do.
I want a rule that will email and page the admins when the activity of a host gets above the 3000 avg/min mark.
Any suggestions on what the rule would look like? Or is it even possible to create a real-time report that will alert admins?