Guys, I need to filter out the Exchange Healthbox account from some of the events in ESM 9.6.
I created a Watchlist for it. Can anybody help me with this?
Attached is the account names example.
Successfully moved from Support Forums to Security Information and Event Management (SIEM) > Discussions
For better exposure and assistance.
This KB has some good examples for Receiver filter including filtering out Windows machine accounts.
Dear, thanks for the KB, tried it but it didn't work.
Below is the PCRE I mention in the filter. Is it right?
Like said, it can be accomplished with Filters inside the Policy Editor -> Receiver -> Filters.
Can you retrieve a packet and show us the full line?
@hangon4khan Could you let me know which parser/protocol you're using to receive the events please? Thanks.