Hi
Currently PCI 1.2 - Rule - Detect Communication Directly To Untrusted From Trusted is configured to send e-mail alerts, the alert mode is set to always, and it is scheduled to run on a cron schedule (6****).
But we noticed that we are receiving some false positive alert e-mails with no events.
So I tried to modify the alert condition from always to number of events > 5. After saving it, when I reopen the saved search, the alert mode goes back to always.
Can anybody help me with this?
regards
muralee