-
|
Is there a way to tune out the x509 analyzer from the Zeek files.log? We are receiving an overwhelming amount of x-x509-ca-cert and x-x509-user-cert mimetypes that we would like to tune out. |
Beta Was this translation helpful? Give feedback.
Answered by
dougburks
Apr 5, 2022
Replies: 1 comment
-
|
If you want to stop ingesting Zeek x509 logs altogether, you can use |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
dougburks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you want to stop ingesting Zeek x509 logs altogether, you can use
so-zeek-logs:https://docs.securityonion.net/en/2.3/so-zeek-logs.html