EventIngressMonitor
ID: 100143
Description:
event ingress bandwidth monitor
Repository: Group: System Type: event
Default Status:
Disabled
| Tags: |
|---|
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @type | asset | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
Attributes:
| Alias | Key |
|---|---|
Correlation Rules:
Aggregation:
| Name | Window | Field | AggType | Match |
|---|---|---|---|---|
| TotalEvent | 1 hour | size | sum | gt 5e+08 |
| Risks: | ALERT_POLICY |
History:
| User | Date |
|---|---|
| ad*n@security.do | 2020 Dec 4 17:42:46 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)