I have a Cisco IronPort that is our malware filter. It is doing its job fine and traps malware events that someone goes through each day and deletes or releases email. The problem is that the IronPort is sending a malware log to the collector every time. I don't need these because it's doing what it's supposed to.
Is my only option to filter the IronPort messages and stop them sending the logs to the ESM? Or is this a better option?
Best to configure Cisco to stop sending you the events. Filtering on the receiver is the last resort, as it takes resources to do that.