I get numerous, identical OSSEC messages from a particular server during the same period early in the morning. They are 'Rule: 18152 fired (level 10) -> "Multiple Windows Logon Failures."' messages. I know I can simply comment out that particular rule, but I don't want to do that. Is there a way to "suppress" or reduce the number of email notifications for this particular server to a single email rather than 30 emails every morning?
Thanks in advance. Ralphy
