Hi, I have a VA scanner which I have added in the Whitelist to prevent Active Response from blocking the scans. What I also understand from here is that to prevent email alerts, I should create a custom rule. Is the following syntax proper or am i missing something:
<rule id=“100001” level=“0”> <if_level>7</if_level> <srcip>1.2.3.4/24</srcip> <description>Ignoring rule any level above 7 from Whitelisted IPs</description> </rule> rule id is unique, we have configured to send email alerts only for level 7 & above. -Cal -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
