RSA Admin

CRL -00107 Tampering of System Audit/Logs

Discussion created by RSA Admin Employee on Feb 5, 2010
Latest reply on Feb 12, 2010 by RSA Admin
Im getting hundreds of alerts on this CRL, the source is our IDS. How would i use a watchlist (of all IDS's) to exclude them? Of course i would use NOT IN but how do i configure it to use the list?

Outcomes