Constructing a Rule
Table 21-1
Rule Field
Time Range
User Guide for Cisco Security MARS Local Controller
21-14
Rule Fields and Arguments
Field Description and Arguments
Identifies the period of time over
which the count value is augmented.
For rules that have a Count value
greater than one, the Time Range
value determines how long the
period should be before the count
value is reset. For example, you can
assume that if no more than three
login attempts have occurred over a
10-minute period that counter can be
reset.
Chapter 21
Argument Descriptions
Usage Guideline: The Time Range
value combined with the Count value
can affect the operation of your
MARS. Each time an event is captured
that satisfied a unique instance of an
inspection rule, a monitoring session
is constructed to track possible future
occurrences until either the Count
value is reached or the time period
expires.
Rules
78-17020-01