I've got a requirement to generate alerts (a phone call is requested but I could sell an email -> SMS) for intrusion events on our network.
We've got a SonicWall NSA 2400. The approach that occurred to me is to enable and config Intrusion Prevention, enable Alert logging for the IP category, then configure a send-to address for Alerts in Log > Automation.
The problem with this is that we're spamming a device with thousands of alerts for IP events. Ideally we are looking for a way to notify only in the case of a credible (or successful) attack.
Is there a better approach?