Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
1
Replies

Can I disable notifications on CSPM on a per IDS Alert basis?

vili.ivanov
Level 1
Level 1

‎02-22-2002 12:04 PM - edited ‎03-08-2019 09:53 PM

example: I get too many dns alerts such as zone x-fer, and all records. They are so many that it crashes the cspm box, and if it doesnt they come in 3 days late. They are medium and high. Can I disable them per sig ID?

Labels:
0 Helpful
1 Reply 1

pbobby
Level 1
Level 1

‎02-22-2002 05:07 PM

Absolutely.

You can do a couple of things.

1. Apply a custom signature set to the sensor in question; then 'uncheck' the signature that is causing so many alerts.

2. Or you can apply a filter so that it completely ignores the signature for the host or hosts that the DNS transfers are being directed against.

3. Finally, and probably the most recommended, is that under Tools->Notifications, you can specify how many alerts must occur before the first email/script is sent. THen specify how many alerts must 'pass' by before a second email/alert is sent out again.

If you're not talking about emails/scripts, then #1 or #2 are your choices.

0 Helpful
Customers Also Viewed These Support Documents