Adding alerting thresholds to security policies
To specify Low, Medium, and High alerting thresholds for a security policy:
- Go to the Security tab of the Definitions > Policies page.
- In the Configured Policies list, select the policy for which you want to set alerting thresholds. This displays the alerting threshold settings for the selected policy.
- In the Alerting Thresholds section, click New. This displays the threshold settings page for the policy you have selected.
- Enter the severity levels at which events are to trigger Low, Medium, and High alerts.
- Select the type of groups to list in the Groups box.
- Select Hosts or Groups, as applicable.
  - If you are setting thresholds for hosts, enter the hosts as CIDR blocks, individual IP addresses, or host names. Use either a comma-separated list or a separate line for each entry. "Any" is a valid entry.
  - If you are setting thresholds for host groups, multi-select (Control-click) the groups to which the thresholds apply.
- If you are setting thresholds on protocols or ports:
  - Use the Browse link to identify protocols or ports and add them to the list.
  - Alternatively, enter the ports in protocol-port format or enter protocols by protocol name.
  - Use either a comma-separated list or a separate line for each entry. "Any" is a valid entry, but ensure the box does not contain both Any and other entries.
- Click OK. The Threshold Settings page closes and the new thresholds are displayed.
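A pre-check for the hosts and protocol/port entries described in the steps above, as an added example that is not part of the product or its documentation. It assumes the Any keyword is case-insensitive and that CIDR blocks with host bits set should be rejected; because the page does not define the protocol-port format, protocol and port entries are checked only against the Any rule.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def split_entries(text):
    """Split box content on commas or line breaks and drop empty items."""
    return [item.strip() for item in re.split(r"[,\r\n]+", text) if item.strip()]


def classify_host(entry):
    """Return 'any', 'ip', 'cidr', 'hostname' or 'invalid' for one host entry."""
    if entry.casefold() == "any":  # assumption: keyword is case-insensitive
        return "any"
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    if "/" in entry:
        try:
            # Assumption: reject blocks with host bits set (10.1.2.3/24),
            # which are usually typos that change the covered range.
            ipaddress.ip_network(entry, strict=True)
            return "cidr"
        except ValueError:
            return "invalid"
    labels = entry.rstrip(".").split(".")
    # An all-numeric last label means a malformed IP, not a host name.
    if len(entry) <= 253 and not labels[-1].isdigit() and all(
        _LABEL.fullmatch(label) for label in labels
    ):
        return "hostname"
    return "invalid"


def review_box(text, hosts=True):
    """Return the problems found in one box; an empty list means none."""
    entries = split_entries(text)
    if hosts:
        return [f"invalid host entry: {e}" for e in entries
                if classify_host(e) == "invalid"]
    # Protocol/port box: only the Any rule is checked (format not defined here).
    has_any = any(e.casefold() == "any" for e in entries)
    if has_any and len(entries) > 1:
        return ["Any is combined with other entries"]
    return []
```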
Modifying or removing an alerting threshold