Cisco Cisco Firepower Management Center 4000

Protection

You can set a global threshold to manage the number of events generated by each rule over a period of 
time. When you set a global threshold, that threshold applies for each rule that does not have an 
overriding specific threshold. For more information on configuring thresholds, see 

A global threshold is configured by default. The default values are as follows:

 — Limit

 — Destination

 — 1

 — 60

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

under Intrusion Rule Thresholds is 

enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

Count

The number of event instances per specified time period per tracking IP 
address or address range required to meet the threshold.

Seconds

The number of seconds that elapse before the count resets. If you set the 
threshold type to 

, the tracking to 

, 

 to 10, and 

 to 10, 

the system logs and displays the first 10 events that occur in 10 seconds from 
a given source port. If only seven events occur in the first 10 seconds, the 
system logs and displays those, if 40 events occur in the first 10 seconds, the 
system logs and displays 10, then begins counting again when the 10-second 
time period elapses.