ever123ove opened 1 year ago
There is a validate switch to help you with that. Run it like this:
./dsiem validate
Thank you very much for your reply. Another question: is there a way to filter specific IP alarms through policies, like in AlienVault?
Hi, once an alarm is created it should be managed (including filtered) directly through Elasticsearch/OpenSearch or Kibana/OpenSearch Dashboards. It is better to tune your correlation rules so that the alarm isn't created in the first place, though.
Hi, I have encountered some problems in operation. I want to modify the rule value of directives.json, but I don't know how to ensure that it can successfully read the modified result.