Security

Hello Community!

I currently use NSM 2007.2r1. I set up Device Log Action Criteria to send us e-mail about Critical and Major events in predefined category. However some event occurs very frequently (for example sev='major' cat='predefined' subcat='VIRUS:SMTP:DOUBLE-DOT-DOT') and I would like to filter it out from e-mails. Is it possible?

I can imagine two soutions:

1. There are a lot of subcategory under predefined category. It would be easy if I can select just what I want to filter I click "negate". But there is no "Negate" check box!

2. I can check all subcategories except which I want to filter. It would be easy if there will be a "Select All button". But there is not!

Can someone give me some hints about how can I do that?

Thanks in advance,

Tamas

Actually while holding down shift,  select the first attack then scroll down and click on the last...then hit the spacebar. All items should be checked.

There are two ways I see how to do what you want:

1st:

Select "predefined"--> select all (with the instructions above) and uncheck the attacks you don't want.

2nd:

create two rules in your policy covering all major events. One rule that alerts you through email (right click the notification column-->log action-->check email, etc.) and another that logs the attacks that you don't want to be notified about but would still like to log.

The second one is some work to setup it but can be useful in some cases

Hello!

I tried the 1st suggested solution. Thank you very much!

Tamas