Open seclyn opened 7 years ago
Hello, seclyn,
I have the same problem now; have you already resolved it?
I do not; I've tried a bunch of different combinations and have had no success. On Tuesday, December 12, 2017, 4:28:02 AM EST, gpoire notifications@github.com wrote:
> Hello, seclyn,
> I have the same problem now; have you already resolved it?
```yaml
filter:
- query:
    query_string:
      query: "NOT email: /.*@mycompany.com/"
```
Hello,
I'm new to elastalert, so forgive me if this is already solved or I'm just doing it wrong. I've created a search that looks for potential phishing e-mails that pass the spam filter. The issue I'm having is that I've created a whitelist file, but it appears to only accept absolutes?
For example, if in my whitelist.txt I put "me@mycompany.com", elastalert does NOT alert, which is great! But in larger scopes, if I want to just whitelist "@mycompany.com", it still alerts :\
I've also tried "mycompany.com", "*mycompany.com", and "mycompany", but each of those still triggers alerts. Again, if I go back to the full e-mail, it works fine. The spam filter logging sends over the whole e-mail; it does not just pull a domain, otherwise I'd have tried that route.
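As an added illustration (not code from this thread or from ElastAlert), the Python below shows why the entries tried in the issue cannot match under whole-value equality, what a domain-based allowlist has to check instead, and how the anchored regex in the query_string filter behaves. The sender addresses are constructed samples, and the regex helper assumes the `email` field is a keyword field so the pattern is matched against the whole value.

```python
import re
from typing import Iterable, Optional

# Constructed sample "email" field values, in the form a spam-filter log
# ships them: full addresses, never a bare domain.
SAMPLE_SENDERS = [
    "me@mycompany.com",
    "Alice@MyCompany.com",
    "bob@mail.mycompany.com",
    "attacker@mycompany.com.evil.net",   # lookalike, must still alert
    "mycompany.com@evil.net",            # domain string in the local part
    "ceo@mycompany.co",                  # near-miss TLD
    "not-an-address",
]

def exact_whitelisted(value: str, entries: Iterable[str]) -> bool:
    """Whole-value equality: the field must equal an entry verbatim.
    This is why "@mycompany.com", "*mycompany.com" or "mycompany.com"
    as entries never suppress an alert for "bob@mycompany.com"."""
    return value in set(entries)

def sender_domain(address: str) -> Optional[str]:
    """Lower-cased domain after the last '@', or None if the value is malformed."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def domain_whitelisted(address: str, domains: Iterable[str]) -> bool:
    """Allow an exact domain or any subdomain of it, case-insensitively.
    A substring test ('mycompany.com' in address) would also accept the
    lookalikes in SAMPLE_SENDERS; comparing the parsed domain does not."""
    d = sender_domain(address)
    if d is None:
        return False
    return any(d == a or d.endswith("." + a)
               for a in (x.lower().lstrip("@") for x in domains))

def regex_whitelisted(address: str, pattern: str = r".*@mycompany\.com") -> bool:
    """Mirror of the query_string filter: the pattern must span the whole
    value (fullmatch), as Lucene regexp matching is anchored and, assumed
    here, runs against an unanalysed keyword field. Note the escaped dot;
    an unescaped one would also match "x@mycompanyXcom"."""
    return re.fullmatch(pattern, address, flags=re.IGNORECASE) is not None

def still_alerting(senders: Iterable[str], domains: Iterable[str]) -> list:
    """Senders that the domain allowlist does not suppress."""
    return [s for s in senders if not domain_whitelisted(s, domains)]
```

Note that the page's regex excludes subdomains such as `bob@mail.mycompany.com`, while the domain helper admits them; pick whichever matches the intended scope of the allowlist.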