As the title says. We don't want to disable reporting on things, because we do want to be able to perform correlative analysis, and to reconstruct events if necessary. But with the number of events we're logging, literally every system on our network is perpetually escalated, and even if we work through and de-escalate something, it's back on the board in a day or two. Any way to log these events without them triggering escalations, or do we just give up on the protection workspace totally and let our SIEM do the lifting?