Disable Re-Alerting


Bongani Buthelezi

Sep 6, 2023, 5:22:23 AM
to Wazuh | Mailing List
Hi Team,

Is there a way to disable re-alerting of the same events from the same log file?
I have noticed that when new log entries are added to my file, Wazuh seems to re-alert on all the initial events/logs it has already alerted on earlier.

I have added two screenshots to show the initial alerting and the alerting after two new log entries were added to the file.

Kind regards,
Bongani
Alerting.PNG
Alerting 2.PNG
Message has been deleted

Ian Yenien Serrano

Sep 7, 2023, 4:22:46 AM
to Wazuh | Mailing List

Hi, sorry for the delay, but I had replied to you and for some reason the message got deleted.

I understand that you have custom rules and you want to see them 1 time on the dashboard. All logs that match the rules you have will be added to the dashboard. What you can do is add the "ignore" setting to the rule so that once a rule is executed it waits that long to be taken into account again.

https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html#rule
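
The `ignore` attribute suggested above, shown on a custom rule as an added example (not from the original thread or the Wazuh project). The rule ID, level, match string, group name and description are constructed placeholders, and the file path assumes a default manager install.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml on the Wazuh manager (default path, assumed) -->
<group name="local,custom_app,">

  <!-- Before: every log line that matches produces an alert.
  <rule id="100100" level="5">
    <match>authentication failed</match>
    <description>Custom app: authentication failure</description>
  </rule>
  -->

  <!-- After: once this rule fires, it is ignored for the next 300 seconds.
       ignore is given in seconds; 300 is a constructed sample value. -->
  <rule id="100100" level="5" ignore="300">
    <match>authentication failed</match>
    <description>Custom app: authentication failure (ignored for 300 s after firing)</description>
  </rule>

</group>
```

The `ignore` window applies to the rule as a whole, so new log lines that match the rule inside the window are suppressed as well, not only repeats of earlier entries. Restart the manager after editing the rules file so the change is loaded.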