SmartEvent Exclusions
Hello CheckMates
We are looking for ways to create tailored exclusions as we are being overrun by events. We have secure networks without access to the web and these servers are affected mostly by dropped traffic logs causing correlation events - therefore sending lots of alerts and making it difficult to find useful information.
Is there a way to exclude dropped traffic in the policy? We are mostly interested in correlation of events that are from the inside > outside for these particular networks, but I cannot find a way to configure the policy for this.
Creating global exclusions and such has not worked due to the variables of each connection and destination. Any advice or ideas of how you guys deal with such an issue would be greatly appreciated! Thanks
What kind of drops are they specifically?
What blades are involved?
Hi
These logs relate directly to the firewall blade and specifically the DoS entries. I would like correlation to still occur for these servers but just not for this particular unit - I can only see the product field in the global exclusion but I am still unsure of the relevance and/or how it is configured correctly.
The drops we are seeing are outbound 80/443 connections due to security policy.
Thank you