Rule Latency Thresholding Notes
By default, latency-based performance settings for both packet and rule handling are automatically populated by the latest deployed intrusion rule update, and we recommend that you do not change the default.
The information in this topic applies only if you choose to specify custom values.
Rule latency thresholding suspends rules for the time specified by Suspension Time when the time rules take to process a packet exceeds Threshold for the consecutive number of times specified by Consecutive Threshold Violations Before Suspending Rule.
You can enable rule 134:1 to generate an event when rules are suspended, and rule 134:2 to generate an event when suspended rules are enabled. See Intrusion Rule State Options.
Option |
Description |
---|---|
Threshold |
Specifies the time in microseconds that rules should not exceed when examining a packet. |
Consecutive Threshold Violations Before Suspending Rule |
Specifies the consecutive number of times rules can take longer than the time set for Threshold to inspect packets before rules are suspended. |
Suspension Time |
Specifies the number of seconds to suspend a group of rules. |