henryck
Participant

SmartEvent Exclusions

Hello CheckMates

We are looking for ways to create tailored exclusions as we are being overrun by events. We have secure networks without access to the web and these servers are affected mostly by dropped traffic logs causing correlation events - therefore sending lots of alerts and making it difficult to find useful information.

Is there a way to exclude dropped traffic in the policy? We are mostly interested in correlation of events that are from the inside > outside for these particular networks, but I cannot find a way to configure the policy for this.

Creating global exclusions and such has not worked due to the variables of each connection and destination. Any advice or ideas of how you guys deal with such an issue would be greatly appreciated! Thanks 

2 Replies
PhoneBoy
Admin

What kind of drops are they specifically?
What blades are involved?

henryck
Participant

Hi

These logs relate directly to the firewall blade and specifically the DoS entries. I would like correlation to still occur for these servers but just not for this particular unit - I can only see the product field in the global exclusion but I am still unsure of the relevance and/or how it is configured correctly.

The drops we are seeing are outbound 80/443 connections due to security policy. 

Thank you
