DS-22025 Fix saved search to exclude system events

chchhsiao · DeepSecurityOpenSourceSupport · commit 31ba45b86e95 · 2018-06-04T16:39:56.000+08:00
diff --git a/TrendMicroDeepSecurity/default/savedsearches.conf b/TrendMicroDeepSecurity/default/savedsearches.conf
@@ -60,7 +60,7 @@ auto_summarize.dispatch.earliest_time = -1d@h
 cron_schedule = 0 0 * * *
 description = All events from Deep Security's modules
 dispatch.earliest_time = -1h
-search = sourcetype=deepsecurity* NOT deepsecurity-system_events
+search = sourcetype=deepsecurity* sourcetype!=deepsecurity-system_events
 
 [Deep Security - Intrusion Prevention Events]
 alert.suppress = 0
@@ -78,7 +78,7 @@ auto_summarize.dispatch.earliest_time = -1d@h
 cron_schedule = 0 0 * * *
 description = All High and Critical severity events from Deep Security's modules
 dispatch.earliest_time = -1h
-search = sourcetype=deepsecurity* NOT deepsecurity-system_events cef_severity > 7
+search = sourcetype=deepsecurity* sourcetype!=deepsecurity-system_events cef_severity > 7
 
 [Deep Security - Application Control Events]
 alert.suppress = 0
