StuKirby
May 07, 2019Nimbostratus
ASM Violation Block IP
I want to know of there's a way to block or shun an IP based off how many ASM Violations a Source triggers. I know DoS profiles can look for an increase in volume of traffic but I would like an option or a rule somewhere to say if an IP causes "X" number of ASM Alarmed Violations in a time period then perform Block or Shun.