Manual Policy Building - Recent Incidents - signatures what is recent?
This is a basic question but I haven't seen anything in the documents (so far) that tell me the answer.
When using manual policy building, under traffic learning, if there is a signature violation it lists them. Then click on the "Attack Signature Detected" it will then list them. Then it provides a column labeled "Recent Incidents".
What is the time frame for "recent"? It seems that they disappear after a while.. Maybe a few hours... I would like to see them stay around for a longer period of time, othewise I have to be continually checking. Yes, the reporting gives lots of history, but it isn't as easy to work with (IMHO) as the manual policy building approach.
Is there a place to set the time frame for keeping this? Thanks so much!!!!