CCE-36941-3| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Define the rate of detection events for logging
This policy setting limits the rate at which detection events for network protection against exploits of known vulnerabilities will be logged. Logging will be limited to not more often than one event per the defined interval. The interval value is defined in minutes. The default interval is 60 minutes.
If you enable this setting, detection events will not be logged if there is more than one similar report (by definition GUID) in the specified number of minutes.
If you disable or do not configure this setting, detection events will be logged at the default rate.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderNetwork Inspection System!Define the rate of detection events for logging
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows DefenderNISConsumersIPS!ThrottleDetectionEventsRate
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.6 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 3.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27708 |
