We have an outside scanning agency that is constantly doing nmap-like scans of our external perimeter. It is generating a lot of log data on the perimeter Cisco firewalls. We know the IPs that the scanning is coming from; is there a way to tell the forwarders to NOT forward that log data from the firewalls for those IPs? Thanks for any insights on this. Our Splunk SMEs are looking at Cribl to do this, but reading this thread makes me believe there are configuration settings that might address this?

V/R Bob M.