We have an IDS which serves multiple customers. How can I use eStreamer to pull data from the IPS, but only bring back certain IP ranges. We do not want to mix customer data.
eStreamer doesn't have the smarts i the server side (the FMC) of the API to filter event data. The FMC does support multiple domains so if you have multiple IDS devices you could place them in different domains and use separate estreamer clients (like encore) to collect each customers data.
Other solutions would involve filtering of data on the client side but you'd still be collecting all events for which the policy is set to generate events.
eStreamer doesn't have the smarts i the server side (the FMC) of the API to filter event data. The FMC does support multiple domains so if you have multiple IDS devices you could place them in different domains and use separate estreamer clients (like encore) to collect each customers data.
Other solutions would involve filtering of data on the client side but you'd still be collecting all events for which the policy is set to generate events.