E
Size: a a a
2020 February 28
2020 February 29
BO
good day everyone ,,
BO
BO
in regards of this screenshot , how could i limit the number of incidents triggers
RS
Go to event viewer. Group events with non null correlation_name by correlation_name. First one will be your rule.
RS
Go to the rule text in PTKB by clicking on its name
RS
Some rules have options for configuring or whitelisting
BO
well , thanks roman
RS
what rule caused a problem?
BO
we created a TeamViewer rule
RS
and it triggers on every connect/packet?
BO
yes ,
RS
you have to consume duplicates
in your version (22+ will provide different and better solution) i recommend something like that:
create table list (for correlations)
first column and a key should be your host (ip, fqdn, whatever)
set record ttl for 1 hour (specific interval is up to you)
check for record existence and create alert/incident only on it's absence
insert to list on emit
in your version (22+ will provide different and better solution) i recommend something like that:
create table list (for correlations)
first column and a key should be your host (ip, fqdn, whatever)
set record ttl for 1 hour (specific interval is up to you)
check for record existence and create alert/incident only on it's absence
insert to list on emit
MH
Hello Guys
MH
am trying to open the Siem using https from out side the network
MH
but after creating the needed DNAT rules
MH
the login page redirect me to the internal ip address
MH
shall i add a parameter to the core XML file ?
2020 March 01
ММ
Mohammed Houssani
shall i add a parameter to the core XML file ?
Try to set hostadress parameter to hostname instead of ip. The hostname should be resolved inside the network you are trying to access it.
BO
Good day everyone,
Hope all doing well,
I have misunderstanding of some definitions , so we need to clarify it and how could we deal with it
The difference between these and how I can use it or when?!
-Normalization formulas
-Enrichment rules
-Corroboration rules
-localization rules
-Aggregation rules
Also the difference between below and when I could use it :'
-macros
-tabular list
-event field schema
??
Hope all doing well,
I have misunderstanding of some definitions , so we need to clarify it and how could we deal with it
The difference between these and how I can use it or when?!
-Normalization formulas
-Enrichment rules
-Corroboration rules
-localization rules
-Aggregation rules
Also the difference between below and when I could use it :'
-macros
-tabular list
-event field schema
??