SIGN:MULTIPLE-ACCESS-DENIED

In this section we configure the Multiple Access Denied alert.

The detection is enabled by default and works according to the following parameters.

1. Set interval and threshold

Product:     Guardian
Syntax:      conf.user configure vi multiple_events protocol <protocol> <interval> <threshold>
Description: Set the detection configuration for a specific protocol.
Parameters:
  • protocol: Name of the protocol to configure. Can be 'all' to apply the configuration globally.
  • interval: maximum time in seconds within which the events must happen in order to trigger the detection. Default: 30[s] for OT devices, 15[s] for the rest.
  • threshold: number of times the event must happen within the interval in order to trigger the detection. Default: 20 for OT devices, 40 for the rest.
Where:       CLI
To apply:    Applied automatically
For example, we can configure the detection of a multiple access denied alert for the SMB protocol with an interval of 10 seconds and threshold of 35 attempts with the following command:

       conf.user configure vi multiple_events protocol smb 10 35
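To make the interval/threshold semantics concrete, here is an added simulation of the detection over constructed access-denied events; it is not Guardian code. It assumes a sliding window per (source, protocol) pair, an assumed per-protocol configuration dictionary in place of the CLI command, and the page's defaults (30 s / 20 for OT devices, 15 s / 40 for the rest).

```python
from collections import defaultdict, deque

# Defaults as stated on the page: (interval_seconds, threshold)
DEFAULTS = {"ot": (30, 20), "other": (15, 40)}


class MultipleAccessDeniedDetector:
    """Sliding-window detector (assumed semantics): alert when `threshold`
    access-denied events for one (source, protocol) pair fall within
    `interval` seconds. Counting rules of the real product may differ."""

    def __init__(self, protocol_config=None):
        # protocol -> (interval, threshold); key 'all' applies globally,
        # mirroring the CLI command's <protocol> argument
        self.protocol_config = protocol_config or {}
        self.windows = defaultdict(deque)

    def params_for(self, protocol, is_ot_device):
        if protocol in self.protocol_config:
            return self.protocol_config[protocol]
        if "all" in self.protocol_config:
            return self.protocol_config["all"]
        return DEFAULTS["ot" if is_ot_device else "other"]

    def observe(self, ts, src, protocol, denied, is_ot_device=False):
        """Feed one event; return True if this event triggers the alert."""
        if not denied:
            return False
        interval, threshold = self.params_for(protocol, is_ot_device)
        window = self.windows[(src, protocol)]
        window.append(ts)
        # drop events older than the interval relative to the newest one
        while window and ts - window[0] > interval:
            window.popleft()
        if len(window) >= threshold:
            window.clear()  # one burst yields one alert
            return True
        return False


def run_sample():
    """Constructed sample: SMB configured as in the page's example (10 s, 35)."""
    det = MultipleAccessDeniedDetector({"smb": (10, 35)})
    # burst: 35 SMB denials from one host within 3.4 s -> alert on the 35th
    burst = [det.observe(i * 0.1, "10.0.0.5", "smb", True) for i in range(35)]
    # slow: 35 denials spaced 0.5 s apart (17 s span) -> never 35 within 10 s
    slow = [det.observe(i * 0.5, "10.0.0.6", "smb", True) for i in range(35)]
    # unconfigured protocol on an OT device falls back to 30 s / 20
    ot = [det.observe(float(i), "10.0.0.7", "modbus", True, True) for i in range(20)]
    return burst.index(True), any(slow), ot.index(True)
```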