The SMS uses alert aggregation to prevent system performance problems resulting from an excessive number of notification requests. Because a single packet can trigger an alert, attacks with large numbers of packets could potentially flood the alert mechanism used to send out notifications.
Use alert aggregation to receive alert notifications at intervals to prevent this flooding. For example, if you set the aggregation interval to 5 minutes, the system sends an alert at the first filter trigger, collects subsequent alerts, and sends them out every five minutes.
The aggregation period that you configure when you create a notification contact controls alert aggregation. All notification contacts require this setting.
CAUTION
CAUTION
Short aggregation periods can significantly affect system performance. The shorter the aggregation period, the higher the system load. In the event of a flood attack, a short aggregation period can lead to system performance problems. Consistent aggregation alerts can be an indication of over configuration. Performance tuning may be needed.
In addition to the user-configured aggregation period, the system also provides alert aggregation services to protect the system from over-active filters that can lower performance.
For email contacts, the aggregation period works in conjunction with the email threshold setting configured for the email server.