How to limit the number of alerts generated by a threat definition or alerting rule
The suppression feature is available in version 5.x and above. Before triggering an alert, Cayosoft Guardian checks how many alerts the rule has already created within a specific time interval. If the limit has been reached, no new alert is created and the rule pauses for a specified period of time before executing again.
To limit the number of alerts generated by a threat definition:
1. Open Cayosoft Guardian Web Portal.
2. Expand the Threat detection node.
3. Click the Threat Definitions node.
4. Find and select a threat definition.
5. Press Properties.
6. Go to the Suppression tab.
7. Enable the Suppress excessive alerts option. Adjust other settings if necessary.
NOTE: Enabling suppression does not prevent rules from generating alerts immediately. Suppression only pauses a rule when it is triggered again and the conditions for the number of alerts are met.
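The following Python model is an added illustration, not Cayosoft Guardian code: it replays constructed trigger times through the check described above (alert limit per interval, then a pause) to show the behavior in the NOTE. The parameter names are hypothetical, and the sliding look-back window is an assumption the article does not specify.

```python
# Illustrative model of the suppression behavior described above.
# Not Cayosoft Guardian code; names and the sliding-window choice are assumptions.
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SuppressedRule:
    limit: int            # max alerts allowed per interval (hypothetical name)
    interval: float       # look-back window, seconds
    pause: float          # how long the rule pauses once the limit is hit, seconds
    _alerts: deque = field(default_factory=deque)   # timestamps of created alerts
    _paused_until: float = float("-inf")
    suppressed: int = 0   # triggers that produced no alert

    def trigger(self, now: float) -> bool:
        """Return True if an alert is created for a rule match at time `now`."""
        if now < self._paused_until:          # rule is paused: nothing is created
            self.suppressed += 1
            return False
        # Drop alerts that have aged out of the look-back window.
        while self._alerts and self._alerts[0] <= now - self.interval:
            self._alerts.popleft()
        if len(self._alerts) >= self.limit:   # limit reached: start the pause
            self._paused_until = now + self.pause
            self.suppressed += 1
            return False
        self._alerts.append(now)
        return True


def replay(rule: SuppressedRule, times: list[float]) -> list[bool]:
    """Feed constructed trigger timestamps through the rule in order."""
    return [rule.trigger(t) for t in times]


if __name__ == "__main__":
    # Constructed sample: a burst of matches every 10 s, then later matches.
    rule = SuppressedRule(limit=3, interval=60, pause=120)
    times = [0, 10, 20, 30, 40, 100, 149, 151]
    for t, fired in zip(times, replay(rule, times)):
        print(f"t={t:>4}s  {'ALERT' if fired else 'suppressed'}")
    print("suppressed triggers:", rule.suppressed)
```

In this model the first three matches alert immediately, and every match during the pause creates no alert at all, so the suppressed count is the only trace of that activity.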