we are using SmartEvent in our R80.20 Jumbo Hotfix Take 118 enviroment for quite a while to track suspicious activities such as DoS attacks.
Like designed for DDoS attacks, we use the automatic reaction "block event activity", to block multiple sources for this type of event. Unfortunately, when such an event occures, the automatically created SAM rule in SmartviewMonitor only rejects the traffic. When manually creating a SAM rule, you can configure the type of action (Notify/Reject/Drop).
I couldn't find the option in the R80.20 Logging and Monitoring AdminGuide or anything else, to (globally) set this Action from SmartEvent created SAM rules from Reject to Drop. Does anyone have an idea?