After adding the Windows servers in SA, agents are pushing the old Windows events as alerts. I want the latest alerts to be triggered. How can I ignore these old alerts?
What is the collection method (File, Syslog or WinRM)?
Are the alerts generated from the Reporting Engine or ESA?
Are you getting the latest Windows logs (current time) in the Investigation page?
Can you clarify which alerts are being sent, as well as the collection method?
Software installation alerts; the collection method is WinRM.