IDS Threshold Cross Notification Trap

acIDSThresholdCrossNotification

Event

acIDSThresholdCrossNotification

OID

1.3.6.1.4.1.5003.9.10.1.21.2.0.100

Description

The alarm is sent for each scope (IP or IP+Port) crossing a threshold of an active alarm.

Description

The trap is sent for each scope (IP or IP+port) crossing a threshold of an active alarm.

Event Type

Other

Alarm Text

Threshold crossed for scope value IP. Severity=minor/major/critical. Current value=NUM

Corrective Action
1. Identify the remote host (IP address / port) on the network that the Intrusion Detection System (IDS) has indicated as malicious. The IDS determines a host to be malicious if it has reached or exceeded a user-defined threshold of malicious attacks (counter).
2. Block the malicious activity.