Filter detections to exclude showing those from a specific origin?

[jdashn 12]

I was wondering if it would be possible to filter detections to exclude showing those from a specific origin?

 

Thank you!

[Marcos 5,074]

Not sure what you mean by specific origin. For instance, you can filter website threats using the filter

[jdashn 12]

In my detection results, I can see results generated by an internal security scan. While i'm glad that ESET is blocking these threats, they are a known source, and not detections i would like to see when looking at a filtered list of detections. I can see that i can filter by Source Address to show all Detections from a source address -- I'd just like to NOT see all Detections from a source address in a filtered view.

Maybe this should have been in remote management?

Thanks!

[Marcos 5,074]

The best would be if you could provide a screenshot for clarification and to make sure that we're talking about the same.

If you are referring to network detections, you can create also IDS exclusions to prevent "attacks" from trusted IP addresses are not logged whatsoever.

[jdashn 12]

 

I'd like for Eset to still block these attempts, but in this case, for  instance, it is a known security scan being done against these computers, from a known address. I know i can add a filter to show all detections from a 'source address' , but i was hoping to exclude all detections from a 'source address' .

Again, this likely should be in Remote management, but i really appreicate your assistance so far!

[Marcos 5,074]

You can create a policy with an IDS rule like this:

[jdashn 12]

Can i make that IDS rule based on Remote IP address, instead of Threat name?

[Marcos 5,074]

Yes, it should be possible.