Hello,
I have been attempting to filter events, and not ports, in the sensor
policy. I would like to have the ability to have the alert enabled, but
filter Source/Dest IP, alert name, and direction (Out or In). The goal
would be, for example, to filter all Nimda-type alerts incoming but alert
on Nimda outbound from my network. This would alert me to any infected
machines on my network. Currently, from what I can tell, the only option
is to check the alert off.

Donald 'Scott' Allen
