Rate Limits on Rules

Some rules can trigger excessive alerts. Since large numbers of alerts from one rule do not provide value and can degrade the performance of F5 Distributed Cloud App Infrastructure Protection (AIP), Distributed Cloud AIP now rate limits alerts.
 

What does "excessive alerts" mean?

When a rule triggers 200 alerts per minute, excessive alerts trigger the rate limit.
 

What will I see when a rule rate limits?

The rule automatically disables in the UI. You do not receive any additional alerts from the rule. However, if the rule does not trigger the rate limit for one consecutive hour, then the rule automatically re-enables.
 

How do I fix this?

Distributed Cloud AIP will reach out and assist you in identifying the goal of the rule triggering the rate limit. Distributed Cloud AIP will also assist you in tuning the rule so it meets your goal without hitting the rate limit.
Was this article helpful?
0 out of 0 found this helpful