Hi all,

Currently I have a rule configured to alert connections at a specific time, every time there is a connection during this period of time, it alerts for each action when it is configured per session.

Anybody knows how I can Limit number of alerts when come from the same dbuser. The objective is that when alerting once, it does not repeat itself if it has the same origin and dbuser

------------------------------
Lelis Cuicas
------------------------------

Lelis,

I do not believe that there is a way to do this natively in Guardium. We had similar needs and opted to send the alert to an SIEM by having the rule go to syslog and forwarding syslog to the SIEM. We then use the SIEM alerting to meet the requirements.

------------------------------
Chase Walkup
------------------------------

Original Message:
Sent: Tue October 06, 2020 02:12 PM
From: Lelis Cuicas
Subject: Limit number of alerts

Hi all,

Currently I have a rule configured to alert connections at a specific time, every time there is a connection during this period of time, it alerts for each action when it is configured per session.

Anybody knows how I can Limit number of alerts when come from the same dbuser. The objective is that when alerting once, it does not repeat itself if it has the same origin and dbuser

------------------------------
Lelis Cuicas
------------------------------

Hi Lelis,


Please set the below action rule and restart the security policy and inspection engines.

Alert Once Per Session: sends notifications only once for each session in which the rule is matched. This action might be appropriate in situations where you want to know that a certain event has occurred, but not for every instance of that event during a single session. For example, you may want a notification sent when a certain sensitive object is updated, but if a program updates thousands of instances of that object in a single session, you would not want thousands of notifications sent to the receivers of the alert.

------------------------------
Sachin Shende
Security Consultant
IBM
+91-9561-650-383
------------------------------

Original Message:
Sent: Tue October 06, 2020 02:12 PM
From: Lelis Cuicas
Subject: Limit number of alerts

Hi all,

Currently I have a rule configured to alert connections at a specific time, every time there is a connection during this period of time, it alerts for each action when it is configured per session.

Anybody knows how I can Limit number of alerts when come from the same dbuser. The objective is that when alerting once, it does not repeat itself if it has the same origin and dbuser

------------------------------
Lelis Cuicas
------------------------------