Is there a good source document to use for ACE configuration. I was hoping to find a source to assist in "tuning" the ACE. How to whitelist an IP or even a user name? I have not been able to find anything yet to develop more in-depth questions but I hope to....
Tuning via whitelisting is pertty much a case-by-case basis. I suggest utilizing varibles within Policy Editor and Watchlists. To "whitelist" your ip or username, you could make a watchlist called "Good Users" and in the correlations that apply, add in an "AND" statement that says Source User (or) Destination user (depending on your rule) is NOT IN Watchlist "Good Users"
I have it currently filtering a specific username out via ACE, Correlation Engine, Setting, Filters then appling the a similar watchlist. My goal is to be able to have four watchlists. Those four being source user, dest. user, source IP, dest. IP so all would be filtered. However, I have not been successful with applying the NOT IN rule for all four of the statements. I not sure on if the filter needs to go And then or WL, or WL, or WL, or WL etc. Still in the testing phase at this time.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.