Hi! Is there any type of document that explains the type of event source
necessary for each ESA Rule? Example: for the "Web DoS Alert" rule, the
necessary or recommended event source would be a Firewall or a Router.

Hi! I would like to enrich a List (create a Blacklist) using a rule: when
an IP shows a specific behavior, add it to a list. I tried putting something
like this at the end of the rule, but it doesn't work: insert into BlackList
select ip_src; I "call" the list in the beg...

Hi! How can I add an IP range to a List (Enrichment Source) used in ESA
rules? I tried with a single IP and it works fine, but when I add a slash
(CIDR notation) it doesn't trigger the rule. Any suggestions?

Hello, I would like to eliminate all the alerts activated by a specific
rule. I have around 100.000; when I try to eliminate them, I can only delete
900 alerts at a time. Any idea of how to eliminate a greater quantity?

Hello! How can I exclude a subnet in an ESA Rule? Example: ip_src IS NOT
"10.0.0.0/8". I tried this option, and substituting the octets with "x,*,%",
and it does not work. Can you help me?