Can blacklist timeouts (TTL,lifetime) for "Scanner Protection" or "Botnet Blocking" be changed or increased?Last modified on 8 Sep, 2020. Revision 5
|Up to date for||
Core 12.00.22, 13.00.01
See also: Threshold Rules
If you want to perform your own rate logic on hosts scanning your networks, please see “Threshold Rules”.
Threshold Rules are the only way to deal with rogue internal hosts attempting to scan your own networks - global IP reputation databases obviously know nothing about your private IP addresses.
And, yes, the blacklisting lifetimes can be configured for these.
No related articles found.