Hello,
Our ESM was configured with "dummy" Windows data sources, for ease of adding multiple client data sources. The dummy parent has an IP address of 0.0.0.0.
My system logs fill up with Health Monitor alerts that read "Login failed" due to "NT_STATUS_BAD_NETWORK NAME" every ten minutes.
Is there any way to keep the SIEM from checking the parent data source (while continuing to check the client data sources) or to suppress this alert?
Thank you,
- Steve
Solved! Go to Solution.
This will be seen in a later version. You can see the idea was accepted and being worked on:
Hi. Intreasting Quation..
but why not to just change the dumy device Parent
from A "Connect / Authentication" device to a Receiving device for example Syslog etc. ?!
just change it from Windows to Linux or some other dumy device.
Best Regards👍👍👍
David.
Hi David,
I can't do that. The parent device has many client devices that are inheriting properties from it.
Thank you,
- Steve
This will be seen in a later version. You can see the idea was accepted and being worked on:
Thanks, Eric. Good to know.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA