RSA Admin

Whitelisting known good sources to avoid false positives

Discussion created by RSA Admin Employee on May 15, 2012
Latest reply on May 16, 2012 by RSA Admin
Hi, I want to avoid false positives that result from activity of my network vulnerability scanner (NVS). I have a watchlist for the NVS' IP addresses but not sure how to apply it. There are many views which include the types of things that the NVS triggers, like multiple failed logins. What's the most efficient way of applying the watchlist to NOT raise alerts for legitimate NVS activity? Thanks, Mark.