Jump to content

Jenova

Members
  • Content Count

    5
  • Joined

  • Last visited

Profile Information

  • Location
    Russia
  1. I've had my Web control rules logging level set to "warning" for couple of months already but they began to appear in detections only after last ESMC update.
  2. And what exactly does "appropriate severity" mean in this situation? Logging level is set to "warning" for those rules.
  3. I have several rules blocking specific URL groups (which were created manually) in Web Control settings and user attempts to open those URLs also generate detections after last ESMC update.
  4. It is indeed annoying and not something to worry about, just informational thing. It doesn't look suitable for "threat/detection" term - if you've got an event there it means the access was definitely blocked (not like file scanning for example: found a threat - was it cleaned? removed? just detected? Such events required attention) It would be much better to move it to reports section (Web control category is missing at the moment) and create default dashboard item "Web control detections" with web control logs (which I have done myself manually). If you need it to be part of Detections, please make it optional category, not default.
×
×
  • Create New...