It is necessary for some users to record all the Deep Packet Inspection (DPI) events so that they can manage them in the Deep Security Manager. However, the record of DPI events is summarized because of the aggregation events. Know the conditions that trigger the aggregation.
Event aggregation only occurs when both of the following conditions are met:
- Intrusion Prevention (IPS) action is set to "Log".
- A single packet has multiple matches.
Based on the conditions above, the event aggregation would not occur if the IPS action is "Reset". Even if the log aggregation occurs, the IPS event count still matches the actual packet count.