cancel
Showing results for 
Search instead for 
Did you mean: 
dindsy
Level 7

excessive Malware events

hi there,

I have a Cisco ironport that is our Malware filter. it is doing its job fine and traps Malware events that someone goes through each day and deletes or releases email. the problem is that the ironport is sending a Malware log to the collector every time. I don't need these because it's doing what its supposed to.

Is my only option to filter the iron port messages and stop them sending the logs to the ESM? or is this a better option?

thanks

0 Kudos
1 Reply
sssyyy
Level 12

Re: excessive Malware events

Best to configure Cisco from sending you the events, filter on receiver is the last resort, as it takes resources to do that.

0 Kudos