jdashn 12 Posted February 18, 2022 Share Posted February 18, 2022 I was wondering if it would be possible to filter detections to exclude showing those from a specific origin? Thank you! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 19, 2022 Administrators Share Posted February 19, 2022 Not sure what you mean by specific origin. For instance, you can filter website threats using the filter Link to comment Share on other sites More sharing options...
jdashn 12 Posted February 21, 2022 Author Share Posted February 21, 2022 In my detection results, I can see results generated by an internal security scan. While i'm glad that ESET is blocking these threats, they are a known source, and not detections i would like to see when looking at a filtered list of detections. I can see that i can filter by Source Address to show all Detections from a source address -- I'd just like to NOT see all Detections from a source address in a filtered view. Maybe this should have been in remote management? Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 21, 2022 Administrators Share Posted February 21, 2022 The best would be if you could provide a screenshot for clarification and to make sure that we're talking about the same. If you are referring to network detections, you can create also IDS exclusions to prevent "attacks" from trusted IP addresses are not logged whatsoever. Link to comment Share on other sites More sharing options...
jdashn 12 Posted February 22, 2022 Author Share Posted February 22, 2022 I'd like for Eset to still block these attempts, but in this case, for instance, it is a known security scan being done against these computers, from a known address. I know i can add a filter to show all detections from a 'source address' , but i was hoping to exclude all detections from a 'source address' . Again, this likely should be in Remote management, but i really appreicate your assistance so far! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 23, 2022 Administrators Share Posted February 23, 2022 You can create a policy with an IDS rule like this: Link to comment Share on other sites More sharing options...
jdashn 12 Posted February 24, 2022 Author Share Posted February 24, 2022 Can i make that IDS rule based on Remote IP address, instead of Threat name? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted February 24, 2022 Administrators Share Posted February 24, 2022 Yes, it should be possible. Link to comment Share on other sites More sharing options...
Recommended Posts