Trying to write a filter on alerts
(( zone.src neq outside ) and ( name-of-threatid neq 'ZeroAccess.Gen Command and Control Traffic' ))
Instead of this being a classic AND, this is taking both individually. How do I fix this? Effectively I'm trying to filter this alert if it's sourced from the outside. I still care about it if it's from the inside.
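An added example, not part of the original post: the posted filter ANDs two negations, which keeps only rows that fail both tests, while hiding one specific combination needs the negation of the AND, which by De Morgan's law is an OR of the two negations. The alert rows and the name "Other Threat" are constructed, and the assumption is that the filter language accepts `or` between the two terms.

```python
# Constructed sample alerts (not from the post): (source zone, threat name).
ZA = "ZeroAccess.Gen Command and Control Traffic"
ALERTS = [
    ("outside", ZA),              # the only row the poster wants hidden
    ("inside", ZA),               # must stay visible
    ("outside", "Other Threat"),  # constructed threat name; must stay visible
    ("inside", "Other Threat"),   # must stay visible
]


def posted_filter(zone, name):
    # Models: (zone.src neq outside) and (name-of-threatid neq ZA)
    # A row is shown only if it is NOT from outside AND is NOT this threat.
    return zone != "outside" and name != ZA


def intended_filter(zone, name):
    # What the post asks for: hide only "this threat, sourced from outside".
    return not (zone == "outside" and name == ZA)


def de_morgan_filter(zone, name):
    # Same predicate rewritten with neq terms only (assumes `or` is accepted):
    # (zone.src neq outside) or (name-of-threatid neq ZA)
    return zone != "outside" or name != ZA


def shown(pred):
    """Return the alerts a filter predicate keeps on screen."""
    return [alert for alert in ALERTS if pred(*alert)]


if __name__ == "__main__":
    for pred in (posted_filter, intended_filter, de_morgan_filter):
        print(f"{pred.__name__}:")
        for zone, name in shown(pred):
            print(f"  {zone:8} {name}")
```

With the posted form, the inside ZeroAccess alert and every other alert from the outside zone are hidden along with the intended row.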