[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Reducing the number of events



You are correct; this is not available for OS signatures.
Though, may I ask which OS signature is flooding your DB?

Jean Paul

-----Original Message-----
From: vanskee2 mamen [mailto:vanskee2@xxxxxxxxxxx] 
Sent: Friday, November 19, 2004 2:42 AM
To: Ballerini, Jean Paul (ISS EMEA); james.mohr@xxxxxxxxx;
issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Reducing the number of events


Is this applicable to OS sensor signatures? I cannot find the advance
param 
in any OS signatures.

thanks

>From: "Ballerini, Jean Paul (ISS EMEA)" <JPBallerini@xxxxxxx>
>To: "Mohr James" <james.mohr@xxxxxxxxx>,
"issforum@xxxxxxxxxxxxxxxx" 
><issforum@xxxxxxx>
>Subject: RE: [ISSForum] Reducing the number of events
>Date: Wed, 17 Nov 2004 09:08:18 +0100
>
>Yes,
>
>But it is a little long to explain.
>Look at the advanced parameters of the events under event propagation.
>That is where you can reduce the number of alert (and data stored) per
>event. You'll have to use LogFiltered instead of LogWithoutRaw.
>
>Jean Paul
>
>-----Original Message-----
>From: issforum-bounces@xxxxxxxxxxxxxxxx On Behalf Of Mohr James
>Sent: Tuesday, November 16, 2004 12:44 PM
>To: issforum@xxxxxxxxxxxxxxxx
>Subject: [ISSForum] Reducing the number of events
>
>Hi All!
>
>My boss wants to significantly reduce the number of events that are
sent
>from a number of sensors. I know you can disable specific events, but
is
>there anyway to say that you do not want any low priority events at
all.
>I know how to change the view in the console to not display low
>severity, but I my boss does not want them to even get sent to the
event
>collector. Is there any way to do this?
>
>Regards,
>
>Jim Mohr
>
>_______________________________________________
>ISSForum mailing list
>ISSForum@xxxxxxx
>
>TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
>https://atla-mm1.iss.net/mailman/listinfo/issforum
>
>To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
>
>The ISSForum mailing list is hosted and managed by Internet Security
>Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
>
>
>
>_______________________________________________
>ISSForum mailing list
>ISSForum@xxxxxxx
>
>TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
>https://atla-mm1.iss.net/mailman/listinfo/issforum
>
>To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
>
>The ISSForum mailing list is hosted and managed by Internet Security 
>Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.





_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.