Custom Rule Not Applied Over Default System Rules #1033
Hello. I created the custom rule folder and an empty ldap_attributes.yml file to take precedence over the original system rule to suppress the "Windows: Access to a Sensitive LDAP Attribute" alerts. However, I am still receiving tons of alerts. What am I doing wrong?
Answered by
c3s4rfred
Feb 18, 2025
Hi @zengrotrust, to suppress an alert with a custom rule, you have to create another "valid" alert with the same "name" attribute value as the rule that you want to suppress.
Best regards
Answer selected by
zengrotrust