• Support
  • Forums
  • Blogs

Is it possible to add a suppression condition "x mins from current time" to a rule?

agent-smithagent-smith

New Life Form
For example, I want to create a rule to ignore any alarms generated by a host that is less than 30 mins old - my bootstrapping process generates lots of false positives while applying domain policies etc. Is there any way to do this if so how could I go about it?

Share post:

Best Answer

  • Answer ✓
    guess you can make use of start time and end time and provide the time in rule and you need modify every time you are doing the activity, else you can create suppression rule from the generated alarm, i believe thats the best approach 
    agent-smith
Sign In or Register to comment.