How to tune a Playbook #9777
Replies: 1 comment
-
You would use a custom filter. The documentation for using these is found here: https://docs.securityonion.net/en/2.3/playbook.html?highlight=playbook#tuning-plays
-
Hello, I read the documentation on tuning playbooks but I am still a little confused on how to accomplish the following:
One of the Windows playbook rules keeps alerting on the same rule for the same device. This is expected activity. What would be the appropriate syntax to tune out the alert if it matches a certain IP or hostname?