Hi,
I was trying to reduce false positives from several rules and wanted to have a few exceptions / whitelisting in place. Following is a sample scenario where I want to whitelist several domains that are triggering the "System Rule : Blacklist User Agent Match".
I cloned the rule and set a few exceptions in the Exception Section as follows,
Moreover, I have created a few lists for easy management as follows,
This is one of those lists I have created.
I tried the rule testing feature also but it won't whitelist the domains I excluded.
Since then I tried excluding in rule condition section as follows,
This won't work either. It is still triggering the alarms for the whitelisted domains as well.
Following is a sample log that I'm trying to whitelist.
Any suggestions on this matter?
Regards,
Isuru