Excluding a particular IP from a particular alert
I am new to Alert Logic. Could you please guide me on how to exclude an IP or username from triggering a particular alert/incident in Alert Logic? In short, how do I create an exclusion to avoid false positives?
Kotresha Megalamane, thank you for reaching out! You can whitelist an IP address in the Alert Logic console. Please see the following Knowledge Base article or Product Documentation for the product you're entitled to:
- Managed Detection & Response entitlements: https://docs.alertlogic.com/deploy/data-center-pro-ent.htm#NetworkIDSWhitelist
- Cloud Defender or Threat Manager entitlements: https://support.alertlogic.com/hc/en-us/articles/360042257172-Work-with-Whitelist-Policies
To safely exclude a specific username, we recommend that you submit a ticket with Alert Logic Support and have us manage that for you.
Please let me know if you have any additional questions.
Doesn't this exclude all types of alerts for the whole deployment? The plan is to keep monitoring other activities but exclude only that one particular alert.
Is there anything we can do like that?
Whitelisting the IP in the Alert Logic console will only prevent incidents from being generated. If you have Alert Logic Support whitelist a username, we can have the incident suppressed, or we can auto-close it so you'll still have a record of it but won't be notified via phone/email.
I'm going to open up a ticket for you with our Support team to dig into this further, where you can securely share specifics about your environment. You should receive a notification via email that the ticket has been created. Please let me know if there's anything else I can do to support you in getting the information you need.