topic Configuring a whitelist via in Network Security

whitelist violation change from priority 1

evan.chadwick1 — Thu, 01 Jun 2017 00:01:51 GMT

Hi,
is it possible to change whitelist violation severity? I believe by default they are priority 1 events. I'd like to test whitelist violations without causing incident tickets which are generated on P1 events.

You mean a correlation

atatistc — Thu, 01 Jun 2017 03:08:12 GMT

You mean a correlation whitelist? In your correlation policy when you add a rule you select the priority which can be None or 1-5. This will set the priority of the resulting correlation event.

Configuring a whitelist via

evan.chadwick1 — Thu, 01 Jun 2017 03:40:55 GMT

Configuring a whitelist via the whitelist tab within the correlation section.

I'm not sure if that was a

atatistc — Fri, 02 Jun 2017 01:52:33 GMT

I'm not sure if that was a follow-up question? If you configure a white list via the White List tab under Correlation it's akin to creating a correlation rule. It doesn't do anything by itself. To have the White List evaluated against the target hosts and generate correlation events you need to create a correlation policy and add the White List to it, then activate the policy. So, back to my original answer. You set the priority in the correlation policy.