Configuring the Firewall Violation Outbreak Criteria and Notifications

  1. Go to Administration > Notifications > Outbreak.
  2. In the Criteria tab:
    1. Go to the Firewall Violations section.
    2. Select Monitor firewall violations on Security Agents.
    3. Specify the number of IDS logs, firewall logs, and network virus logs.
    4. Specify the detection period.

    Trend Micro recommends accepting the default values in this screen.

    Apex One sends a notification message when the number of logs exceeds the specified values. For example, if you specify 100 IDS logs, 100 firewall logs, 100 network virus logs, and a time period of 3 hours, Apex One sends the notification when the server receives 301 logs within a 3-hour period.

  3. In the Email tab:
    1. Go to the Firewall Violation Outbreaks section.
    2. Select Enable notification via email.
    3. Specify the email recipients.
    4. Accept or modify the default email subject and message. You can use token variables to represent data in the Subject and Message fields.
      Table 1. Token Variables for Firewall Violation Outbreak Notifications

        Log type exceeded
        Number of firewall violation logs
        Time period when firewall violation logs accumulated

  4. Click Save.
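
Candidate criteria values from step 2 can be replayed against exported log timestamps before they are saved. The Python below is an added example, not Trend Micro code: it assumes the three limits are summed as in the 100 + 100 + 100 example above and that the detection period is a sliding window, which this page does not state. The function names and the sample logs are constructed.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

START = datetime(2024, 1, 1, 8, 0, 0)  # constructed start time for the sample logs
LOG_TYPES = ("ids", "firewall", "network_virus")


def constructed_logs(count, gap_seconds):
    """Build sample (timestamp, log_type) pairs; constructed data, not real logs."""
    return [(START + timedelta(seconds=i * gap_seconds), LOG_TYPES[i % 3])
            for i in range(count)]


def first_outbreak(events, ids_limit, fw_limit, nv_limit, period_hours):
    """Return (timestamp, per-type counts) for the log that first pushes the
    combined count past the summed limits inside the detection period, else None.

    Assumptions: limits are summed (100 + 100 + 100 -> notify at log 301, as in
    the page's example) and the period is a sliding window ending at each log.
    """
    threshold = ids_limit + fw_limit + nv_limit
    period = timedelta(hours=period_hours)
    window = deque()
    for ts, log_type in sorted(events):
        window.append((ts, log_type))
        # Drop logs that fell out of the detection period.
        while ts - window[0][0] > period:
            window.popleft()
        if len(window) > threshold:
            return ts, Counter(t for _, t in window)
    return None


if __name__ == "__main__":
    for label, logs in (("burst, 30 s apart", constructed_logs(301, 30)),
                        ("slow, 60 s apart", constructed_logs(301, 60))):
        hit = first_outbreak(logs, 100, 100, 100, 3)
        print(label, "->", "no notification" if hit is None else f"{hit[0]} {dict(hit[1])}")
```

The same 301 logs spread over five hours never put more than 181 logs inside any 3-hour window, so the slow case produces no notification.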