3 Replies Latest reply on Jan 22, 2014 2:09 PM by gfergus1

    Specific tuning of alerts

    ruggerrick

      First time I've been presented with this,

      Im seeing many many alerts on an "outside" port of the sensor with some traffic apparently destined to "internal" hosts, but these are buried under external to external alerts, is there a way to categorize or filter specific subnets or wildcards from a specific interface port on the sensor. i.e. if 10.10.10.0/24 is target on "external" port then alert otherwise ignore.

       

      Thanks

      R