Splunk Enterprise Security

Exclude ip_intel feeds from Threat activity detected correlation search

The Threat activity detected correlation rule is too noisy because of IP_intel feeds. How can we exclude them?

0 Karma