About the criteria that define an outbreak
Article: HOWTO82468 | Created: 2012-11-30 | Updated: 2014-06-25 | Article URL: http://www.symantec.com/docs/HOWTO82468
You can specify how many times an event must occur within a specified time frame to define an outbreak. Although there are no standard numbers to use when specifying frequencies, take the following into consideration:
Threat potential of the event category that is being monitored
Size of your mail system
Amount of email that is typically processed
Stringency with which you want to define an outbreak
Mail Security monitors your server at regular intervals to detect outbreaks (the default setting is every 2 minutes). When Mail Security checks your server for outbreaks, it checks the events that occurred within the specified period of time (the default setting is 20 minutes). Mail Security issues an outbreak notification when it detects an outbreak.
For example, assume that you enable outbreak management, configure Mail Security to monitor for outbreaks every 2 minutes, and enable the "Same virus" outbreak trigger using the default configuration.
The figure "Example of an outbreak event" explains the events that would occur if Mail Security detects 50 messages that contain the Eicar virus at 1:05 P.M. and 50 messages that contain the Eicar virus at 1:19 P.M.
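The polling behaviour described above can be modelled as a sliding-window count over the two Eicar batches. This Python model is an added example, not Mail Security's own code. Assumptions: a trigger count of 100 (the article does not state the default), polling passes on even minutes from 1:00 P.M., a window that excludes its start and includes its end, and all function and variable names.

```python
from datetime import datetime, timedelta

# Values stated in the article: poll every 2 minutes, look back 20 minutes.
CHECK_INTERVAL = timedelta(minutes=2)
WINDOW = timedelta(minutes=20)
# Assumption: the article does not give the trigger's default count; 100 is
# chosen only so that the two batches of 50 together reach it.
THRESHOLD = 100


def count_in_window(events, check_time, window=WINDOW):
    """Sum event counts with check_time - window < timestamp <= check_time."""
    start = check_time - window
    return sum(n for ts, n in events if start < ts <= check_time)


def simulate(events, first_check, last_check, threshold=THRESHOLD,
             interval=CHECK_INTERVAL, window=WINDOW):
    """Return [(check_time, count, is_outbreak)] for every polling pass."""
    results = []
    t = first_check
    while t <= last_check:
        c = count_in_window(events, t, window)
        results.append((t, c, c >= threshold))
        t += interval
    return results


def outbreak_checks(results):
    """Polling passes whose window met the threshold, as HH:MM strings."""
    return [t.strftime("%H:%M") for t, _, hit in results if hit]


# Constructed sample input mirroring the article's scenario (date is arbitrary).
DAY = datetime(2014, 6, 25)
EICAR_EVENTS = [
    (DAY.replace(hour=13, minute=5), 50),
    (DAY.replace(hour=13, minute=19), 50),
]

if __name__ == "__main__":
    # Assumption: polling passes fall on even minutes starting at 13:00.
    for t, c, hit in simulate(EICAR_EVENTS, DAY.replace(hour=13),
                              DAY.replace(hour=13, minute=30)):
        print(t.strftime("%H:%M"), c, "OUTBREAK" if hit else "")
```

Under these assumptions the first pass that sees both batches is the one at 1:20 P.M., and the condition stops holding once the 1:05 P.M. batch ages out of the 20-minute window.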