Documentation Center
AlienVault® USM Appliance™

Known Issue: Negating IP Addresses in Directives

Reported Version: 5.3.4
Deployment: All deployments
AlienVault Ticket ID ENG-104884

Description

When creating or editing a directive rule, you cannot select and negate an asset's IP address (to prevent the asset from triggering an alarm) by directly selecting the asset from the asset list in the AlienVault USM Appliance web UI.

Workaround

To negate an IP address in a directive rule, you need to manually specify the asset's IP address in the directive rule's XML definition, for example:

Manual entry of negated asset's IP address in directive rule