On 23.08.2012 15:13, Kevin Huang wrote:
Thanks for your answer, but I would like to silence the corresponding rule, say, if 4386 is fired and then can I silence 4334 for 40 minutes, as long as rule 4386 is fired?
Hmmm, the only thing I can think of is a custom script based on an active response which will put in a child rule to not alert, then takes it out after 40 minutes and restarts ossec. Definitely a hack.
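
A sketch of the active-response script described in the reply above, added here as an example and not part of the original thread or of OSSEC itself. It assumes an `<active-response>` entry bound to `<rules_id>4386</rules_id>` with `<timeout>2400</timeout>`, a rules file at the path shown, and that the pending timeout still fires after the restart (not verified here); the script name, marker comments and rule id 100434 are constructed.

```shell
#!/bin/sh
# Added example (hypothetical script name: silence-4334.sh), not from the thread.
# OSSEC runs an active-response script with "add" as $1 when the trigger rule
# fires and with "delete" when the configured timeout expires.
RULES_FILE="${RULES_FILE:-/var/ossec/rules/local_rules.xml}"       # assumed path
RESTART_CMD="${RESTART_CMD:-/var/ossec/bin/ossec-control restart}" # assumed path
BEGIN='<!-- BEGIN temp-silence-4334 -->'
END='<!-- END temp-silence-4334 -->'

# Insert a level-0 child of 4334 just before the last </group> of the file.
silence_add() {
    grep -qF "$BEGIN" "$1" && return 0            # already silenced: no-op
    last=$(grep -n '</group>' "$1" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || return 1                     # no group to hold the rule
    tmp="$1.tmp.$$"
    # Rule id 100434 is a constructed value in the local (100000+) range.
    awk -v n="$last" -v b="$BEGIN" -v e="$END" 'NR == n {
        print b
        print "<rule id=\"100434\" level=\"0\">"
        print "  <if_sid>4334</if_sid>"
        print "  <description>4334 silenced while 4386 is active</description>"
        print "</rule>"
        print e
    } { print }' "$1" > "$tmp" && cat "$tmp" > "$1"  # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# Remove everything between the two marker comments, markers included.
silence_remove() {
    tmp="$1.tmp.$$"
    sed "/$BEGIN/,/$END/d" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

main() {
    case "$1" in
        add)    silence_add "$RULES_FILE" ;;
        delete) silence_remove "$RULES_FILE" ;;
        *)      return 0 ;;                        # ignore unknown actions
    esac && $RESTART_CMD                           # reload rules after the edit
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Running it against a copy of the rules file with `RESTART_CMD=true` shows the inserted and removed block without touching the running service.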
