Right now in the directives there are several variables available out of the box, like From, To, USERNAME, PASS, USERDATA1....9.
I would like to filter based on some data in the Payload or Rawdata.
1. I would like it to alarm for all URLs, but when some URLs are shown in the payload or raw data I would like it to not alarm on those.
2. If I filter based on the IP, then it could filter more alarms if there are more URLs hosted on the same IP.
If it's not possible through the Threat Intelligence > Directives interface, please let me know how I would go about customizing this any other way.
Your help would be greatly appreciated.