Feature #314: [idmef-criteria] support at end node - Prelude-LML - UNITY 360

Feature #314

[idmef-criteria] support at end node

Added by over 14 years ago. Updated about 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

0.9.14

Start date:

Due date:

% Done:

Resolution:

worksforme

Description

It will be fine if this support exists since I have a lot of almost the same messages from all nodes about the same alert - successful login of backup user. It logs in frequently on all nodes so a lot of messages may be filtered without sending them to prelude-manager.

History

#1 Updated by Yoann VANDOORSELAERE over 14 years ago

Wouldn't a Prelude-LML pass rule, do what you are looking for?

#2 Updated by Yoann VANDOORSELAERE over 14 years ago

Status changed from New to Closed
Resolution set to worksforme

Replying to [comment:1 yoann]:

Wouldn't a Prelude-LML pass rule, do what you are looking for?

By pass rule, I meant a "silent" rule:

regex=myregex; silent; last

Marking as workforme, please let us know if this doesn't solve your problem.

#3 Updated by Yoann VANDOORSELAERE about 14 years ago

Project changed from PRELUDE SIEM to Prelude-LML
Category deleted (4)
Target version deleted (~~0.9.14~~)

Also available in: Atom PDF

Project

General

Profile