Applies To: BIG-IQ Centralized Management
Exporting DoS Attacks via SNMP
Exporting reported DoS attacks
- The BIG-IP device/device group that detects the attack
- A known attack vector for a specific protocol
- An attack that exceeds a specified amount of time
- A minimum number of transactions per second (TPS) the attack sends in an attempt to access your protected object(s)
- The consistency with which alerts are sent over the duration of the attack
Viewing DoS Alert Rules in BIG-IQ
Create a DoS alert rule
- Go to.
- In the Name field, type a unique name for your DoS alert rule.
- To collect attack information from a specific Device or Device Group, select an option from the Device Target field. The Device/Device Group field allows you to specify a managed object.
- Use the Attack Vector Protocol field to filter attacks by a specific vector, by selecting one of the DoS protection protocols: Application, DNS, or Network. The Attack Vector field allows you to specify an attack vector for the selected protocol.
- Use the TPS field to filter attacks by a minimum number of transactions per second by selecting Exceeds, and entering a value.
- Use the Duration field to filter attacks by the minimum amount of time (in minutes) a DoS attack is sustained by selecting After and entering a value.
- Use the Resent After field to report the status of an ongoing DoS attack by specifying the number of minutes to send updated attack information.
- Click Save & Close.
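A dry run of the rule fields above against sample attack records, useful for estimating how many alerts a rule would generate before saving it. This is an added example, not BIG-IQ's own code: it assumes the Device Target, Attack Vector Protocol, TPS and Duration filters combine as a logical AND and that the first alert goes out once the Duration threshold is reached, with updates every Resent After minutes. All device names, vector names and attack figures are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class AlertRule:
    """Mirrors the fields of the DoS alert rule form (modelled, not BIG-IQ code)."""
    name: str
    device_target: Optional[str] = None  # None = any device / device group
    protocol: Optional[str] = None       # "Application", "DNS" or "Network"
    attack_vector: Optional[str] = None  # None = any vector of the protocol
    tps_exceeds: int = 0                 # TPS: Exceeds
    duration_after_min: int = 0          # Duration: After (minutes)
    resent_after_min: int = 0            # Resent After (minutes); 0 = no updates

@dataclass
class Attack:
    device: str
    protocol: str
    vector: str
    peak_tps: int
    duration_min: int

def alert_minutes(rule: AlertRule, attack: Attack) -> List[int]:
    """Minutes after attack start at which the rule would alert (assumed model)."""
    if rule.device_target not in (None, attack.device):
        return []
    if rule.protocol not in (None, attack.protocol):
        return []
    if rule.attack_vector not in (None, attack.vector):
        return []
    if attack.peak_tps <= rule.tps_exceeds:
        return []
    if attack.duration_min < rule.duration_after_min:
        return []
    first = rule.duration_after_min
    if rule.resent_after_min <= 0:
        return [first]
    return list(range(first, attack.duration_min + 1, rule.resent_after_min))

# Constructed sample data: device names, vectors and figures are illustrative.
RULE = AlertRule("dns-sustained", protocol="DNS", tps_exceeds=1000,
                 duration_after_min=5, resent_after_min=10)
ATTACKS = [
    Attack("bigip-a", "DNS", "vector-x", peak_tps=5000, duration_min=30),
    Attack("bigip-a", "DNS", "vector-x", peak_tps=800, duration_min=30),
    Attack("bigip-b", "Network", "vector-y", peak_tps=9000, duration_min=45),
    Attack("bigip-b", "DNS", "vector-x", peak_tps=4000, duration_min=3),
]

if __name__ == "__main__":
    for a in ATTACKS:
        print(a.device, a.protocol, a.peak_tps, a.duration_min, alert_minutes(RULE, a))
```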
Modify DoS alert rules
- Go to.
- To delete an alert rule, select the check box next to the alert rule name, and click Delete.
- To modify an alert rule, click the name of the alert rule. The current alert rule configuration is displayed.
- Modify the settings as required.
- Click the Save & Close button.