Event Filtering
To reduce the number of security events that are generated when the WAF Profile is triggered, the Event Filtering under Advanced Settings can be configured to rate limit or sample the events. The configuration does not alter the detection or protection behavior.
When specifying Type as Rate, the generated events are rate limited based on the specified Number of Events triggered over a Time evaluation interval (in seconds). For example, if Number of Events is specified as 50 and Time is specified as 5 seconds, only 10 events per second will be generated.
When specifying Type as Sample, the generated events are sampled based on the specified Number of Events. For example, if Number of Events is specified as 10, only 1 event will be generated for every 10 events triggered.
Profile Event FilteringProfile Event Filtering applies to all rules that are configured in the WAF Profile:
-
Specify the Type as Rate or Sample:
-
Rate- Specify the Number of Events and the Time evaluation interval (in seconds).
-
Sample- Specify the Number of Events.
-
To reduce the number of security events that are generated when the WAF profile is triggered, event filtering can be configured to rate limit or sample the events. The configuration does not alter the detection or protection behavior.
Rule event filtering applies to specific rules that are configured in the WAF profile.
Procedure
Step 1 | Click Add under Rule Event Filtering. |
Step 2 | For Rule ID List, specify a comma-separated list of Rule IDs. |
Step 3 | Specify Type as Rate or Sample.
|