FAQ: Rate Limits on Rules

Sometimes customers create rules that trigger excessive alerts. Since large numbers of alerts from one rule do not provide value and can degrade the performance of F5 Distributed Cloud App Infrastructure Protection (AIP)), Distributed Cloud AIP now rate limits alerts.
 
What does "excessive alerts" mean?
When a Rule triggers 200 alerts per minute. Excessive alerts trigger the rate limit.
 
What will I see when a Rule rate limits?
The Rule automatically disables in the UI. You do not receive any additional alerts from the Rule. However, if the Rule does not trigger the rate limit for one consecutive hour, then the Rule automatically re-enables.
 
How do I fix this?
Distributed Cloud AIP will reach out to the customer and assist in identifying the goal of the Rule triggering the rate limit. Distributed Cloud AIP will assist the customer in tuning the rule so it meets the customer's goal without hitting the rate limit.
 
 
Was this article helpful?
0 out of 0 found this helpful