Hi everyone,
Having some .CSE rules when a high amount of data is leaving an internal network. Having a lot of false positives related to this.
And I'm wondering if it's possible in some way to exclude a specific "Subject Payload" field?
That "Subject Payload" is visible due to my SAL logging that I have.
From a regular "flow search" I can exclude the "Subject Payload" field under,
--> Advanced Connection Options
--> Payload
But this is not available under,
--> Policy Management
--> Custom Security Events
Thanks