socgt
Level 7

Disabling events on SIEM Agent

Hello Experts,

We are performing event noise reduction on SIEM. There are some events that fall under the SYSTEM category of Windows.

Now we want to disable these events without deselecting the SYSTEM category on SIEM Event Log Collector.

Also, is there any guide/document on the different event categories mentioned in the SIEM Event Log Collector?

Thanks

0 Kudos
2 Replies
kmc
Level 12

Re: Disabling events on SIEM Agent

You can disable particular events with the filter functionality.

Policy editor -> Receiver -> filter

0 Kudos
yd9038
Level 9

Re: Disabling events on SIEM Agent

You can remove SYSTEM from the "Event Logs" menu in the datasource settings.

You can create a system profile w/o SYSTEM to use for Windows servers that you don't want to collect system logs from.

0 Kudos