ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

How to suppress alerts only from specific agents #1956

Open innovate-support opened 3 years ago

innovate-support commented 3 years ago

I use OSSEC on Security Onion. I'd like to suppress some specific OSSEC alerts based on rule.uuid and either agent.ip or agent.name while leaving the alert functional for all other agents. How would I accomplish this?

bigtrucker89 commented 3 years ago

Did you want to know how to do this in the SO GUI?

innovate-support commented 3 years ago

I'll take any advice you can give. The SO GUI doesn't allow such an option right now, so I figure I need to edit some config.