Hi,
I'm fine-tuning exclusion rules in ESET Inspect and need some guidance on specifying a network-related condition. There's an executable in our environment that's connecting to a known and trusted IP address. However, it's being flagged for SSL communication on a non-standard port, which I need to suppress in our detections.
The exclusion rule I'm working with takes the file's LiveGrid reputation into account, and now I want to add a condition that checks for the specific remote IP address it connects to. The current setup of my rule is as follows:
<operation type="TcpIpProtocolIdentified">
    <condition component="Network" property="_________" condition="is" value="13.69.128.10"/>
</operation>
Could you advise on which property of the Network component I should use to correctly filter based on the IP address?
Appreciate your insights!