AnsweredAssumed Answered

Rate Control in Security Monitor - Need to understand the math

Question asked by Gopi Ramasamy on Nov 1, 2015
Latest reply on Sep 6, 2016 by Andres Pereira

Hi,

 

As per the documentation, the bursting threshold and average threshold works this way in the Rate control.


Bursting Threshold -  average number of hits per second occurring within a five-second period that, if exceeded, triggers the desired action (Alert, Deny, or reporting only)

Average Threshold  - average number of hits per second occurring within a two-minute period that, if exceeded, triggers the desired action (Alert, Deny, or reporting only)

 

I would like to understand the math behind it.

 

For ex:

 

If the rate control has Avg threshold is 12 and burst threshold is 30,

 

To be denied by the Avg rule, an IP would have sent more than 1440 requests  (12 requests*60 seconds *2 minutes) in a 2 minutes period.

To be denied by the Burst rule, an IP would have sent more than 9000 requests  (30 requests*60 seconds *5 minutes) in a 5 minutes period.


Is this understanding correct?


Any detailed explanation is highly appreciated.


Thanks,

Gopi

Outcomes