cancel
Showing results for 
Search instead for 
Did you mean: 

Inbound/Outbound Link Utilization Too High Events

Is anyone aware of any issues that may be causing this event to be reported non stop? It is being generated approximately every two minutes.

I have tried the Rebuild the DoS Profiles (start the learning process from scratch) process with no success.

We do not have any indications of an actual attack and this is a fairly new sensor. (IPS-NS9100 running 8.3.5.32) The sensor has been in place for a few
months and appears to have been generating these alerts for a couple months.

3 Replies
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Inbound/Outbound Link Utilization Too High Events

I think this better in network Security Platform forum . Will move it there if not that product let me know please

Reliable Contributor mjesmer
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: Inbound/Outbound Link Utilization Too High Events

As far as I know and after looking at the attack, this is simply a threshold alert that you can set. Just go into the master attack repo, or individual policy if you have many and only need to make change to one, and set it to something higher. (If this is behavior is not an attack)

Re: Inbound/Outbound Link Utilization Too High Events

I believe this alert is a maintenance alert not a policy alert. You would need to adjust the alerting threshold in the device setup to change the level at which it sends an alert. How to do this varies based on NSM version so please review the appropriate guide for your version.

!!!!Keep in mind this is a percentage based alert meaning that it has reached the percentage of utilization that the interface is capable of handling. So if it is alerting at 70%, for example, it is probably fine and you can increase the threshold. Regardless, if your utilization suddenly increased on a specific interface that is indicative of a change on your network that you should be aware of as a security professional. I would start talking with the the networking folks at your organization to try and determine the cause for the increase and whether it is going to be sustained. In doing so you may determine it is the new normal for your network. If this is the case you may want to start thinking about upgrading the sensors in case future traffic growth would put you over your current sensors' capabilities.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community