< Home

threat alarm threshold

Function

The threat alarm threshold command sets a threshold for the number of HiSec Insight threat log entries.

The undo threat alarm threshold command restores the threshold to the default value.

Format

threat alarm threshold threshold-value

undo threat alarm threshold

Parameters

Parameter Description Value

threshold threshold-value

Specifies the threshold for the number of HiSec Insight threat log entries.

The value is an integer ranging from 70 to 100, in percentage. The default threshold is 80%.

Views

APT-CIS view

Default Level

2: Configuration level

Usage Guidelines

Threat entries are created on the FW if traffic matches the blacklist imported from the HiSec Insight. They are used to collect statistics on blacklist-matching traffic. Threat entries record information such as the source IP address, destination IP address, protocol, matching count, slot ID, and CPU ID. The FW periodically sends logs that are generated by scanning threat entries at a fixed interval. After each scanning, threat entries are cleared, so that they can be written later. If the log sending interval is too long, the threat entry usage may be high. If the usage exceeds a specified threshold, an alarm is generated. The alarm persists until the usage falls below the threshold.

Example

# Set the threshold for the usage of HiSec Insight threat log entries to 90%.

<sysname> system-view
[sysname] apt-cis
[sysname-apt-cis] threat alarm threshold 90
Parent Topic: HiSec Insight Interworking Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic