2 Replies Latest reply on Jan 4, 2016 12:11 PM by rgarrett

    Using ESM to detect DDoS

    dzh01

      I'm collecting flows, and if I go into the flow view I am able to see when a DDoS is occurring. I've enabled the Attack - Possible DDoS Against Single Host rule included in ESM and set the HOME_NET variable. But this rule doesn't ever trigger. I've increased the sensitivity and it should be firing, but it doesn't. Any ideas?