#68 Input event filtering into alert groups by search criteria

2.0x
open
nobody
Misc (7)
5
2008-06-19
2008-01-07
Terry Burton
No

A feature request has already been filed for searches to be savable.

Further to this I would like to request that selected saved searches could be used as filters on incoming alerts which assign them into a named alert group.

Already I use BASE alert groups to drive certain network actions such as blocking a host at the perimeter firewall or automating the submission of an abuse report to the WHOIS contacts.

Alert filtering would provide a trivial but effective means of security event automation and intrusion prevention.
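The mechanism requested above, as an added example that is not part of this ticket or of the BASE code base: saved searches become predicates over incoming alerts, each predicate maps matching alerts into a named alert group, and a group may carry an action such as the perimeter block the requester mentions. Alert field names, criteria keys, the group names and the sample alerts are all assumptions constructed for the example. The blocking action deliberately refuses to block addresses on an allowlist, because an IDS-driven firewall rule that trusts the alert's source address lets an attacker with spoofed packets (or a compromised internal host) cut off legitimate traffic.

```python
"""Added example: route IDS alerts into named groups by saved-search criteria.
Not BASE code; all names, fields and sample data are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional


@dataclass
class Alert:
    sid: int
    signature: str
    src_ip: str
    dst_ip: str
    dst_port: int
    priority: int  # Snort convention: 1 is the most severe


@dataclass
class SavedSearch:
    """A saved search reduced to a few criteria; a missing criterion matches anything."""
    name: str
    signature_contains: Optional[str] = None
    src_net: Optional[str] = None
    dst_port: Optional[int] = None
    max_priority: Optional[int] = None

    def matches(self, a: Alert) -> bool:
        if self.signature_contains and self.signature_contains.lower() not in a.signature.lower():
            return False
        if self.src_net and ip_address(a.src_ip) not in ip_network(self.src_net, strict=False):
            return False
        if self.dst_port is not None and a.dst_port != self.dst_port:
            return False
        if self.max_priority is not None and a.priority > self.max_priority:
            return False
        return True


@dataclass
class GroupFilter:
    """Binds a saved search to a group name and an optional per-alert action."""
    search: SavedSearch
    group: str
    action: Optional[Callable[[Alert], None]] = None


class PerimeterBlocker:
    """Stand-in for 'block the host at the perimeter firewall': it only records
    the addresses it would block. Hosts inside never_block are skipped so a
    spoofed or internal source can never be used to block trusted traffic."""
    def __init__(self, never_block: List[str]):
        self.never_block = [ip_network(n) for n in never_block]
        self.blocked: List[str] = []

    def __call__(self, alert: Alert) -> None:
        ip = ip_address(alert.src_ip)
        if any(ip in n for n in self.never_block):
            return
        if alert.src_ip not in self.blocked:
            self.blocked.append(alert.src_ip)


class AlertRouter:
    """Applies every filter to each incoming alert; an alert may land in several groups."""
    def __init__(self, filters: List[GroupFilter]):
        self.filters = filters
        self.groups: Dict[str, List[Alert]] = {}

    def ingest(self, alert: Alert) -> List[str]:
        assigned: List[str] = []
        for f in self.filters:
            if f.search.matches(alert):
                self.groups.setdefault(f.group, []).append(alert)
                assigned.append(f.group)
                if f.action is not None:
                    f.action(alert)
        return assigned


# Constructed sample alerts (documentation address ranges; not real captures).
SAMPLE_ALERTS = [
    Alert(2003068, "ET SCAN Potential SSH Scan", "203.0.113.7", "192.0.2.10", 22, 2),
    Alert(2003068, "ET SCAN Potential SSH Scan", "192.0.2.5", "192.0.2.10", 22, 2),  # internal host
    Alert(1000001, "WEB-MISC sql injection attempt", "198.51.100.9", "192.0.2.80", 80, 1),
    Alert(1000002, "ICMP PING", "203.0.113.7", "192.0.2.10", 0, 3),
]


def build_router():
    blocker = PerimeterBlocker(never_block=["192.0.2.0/24", "10.0.0.0/8"])
    filters = [
        GroupFilter(SavedSearch("ssh scanners", signature_contains="SSH Scan", dst_port=22),
                    "block-at-perimeter", blocker),
        GroupFilter(SavedSearch("web attacks", signature_contains="sql injection", max_priority=1),
                    "abuse-report"),
        GroupFilter(SavedSearch("all external", src_net="203.0.113.0/24"), "external-noise"),
    ]
    return AlertRouter(filters), blocker


def run_demo():
    router, blocker = build_router()
    assignments = [router.ingest(a) for a in SAMPLE_ALERTS]
    return router, blocker, assignments


if __name__ == "__main__":
    router, blocker, assignments = run_demo()
    for alert, groups in zip(SAMPLE_ALERTS, assignments):
        print(f"{alert.src_ip:>14} {alert.signature!r:40} -> {groups}")
    print("would block:", blocker.blocked)
```

Note that the internal scanner at 192.0.2.5 is still filed under the block-at-perimeter group for a human to look at, but never reaches the firewall; the allowlist check belongs in the action, not in the search, so the evidence is kept while the automated response is withheld.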

Discussion

  • Sean Muller
    2008-06-19

    • milestone: 467936 --> 2.0x
     
  • Sean Muller
    2008-06-19

    moving to Base2.x