
How to stop generating unwanted logs in AlienVault?

Madan

New Life Form
I am new to AlienVault USM, and after successfully deploying it in our infra I noticed that events related to the AlienVault host are flooding the SIEM panel.

I'd like to configure USM to show only events from the assets that I want. Also, is it possible to stop generating those logs, which would help to save disk space?


Best Answer

  • Answer ✓
    Madan,

    What you are looking for is policy management, although there is an extra note required on this question.

    AlienVault's OSSIM/USM solutions are designed to watch assigned networks, not particular assets. As such, they will generate assets, and events, for any activity within their defined home-net(s). If you want to monitor a subset of devices, the general security best practice is to move those assets to their own network, and enforce border security rules on that subnet.

    This said, the documentation for policy management, including how to create policies for discarding unwanted events, can be found at the following URL:


    Madan
