A New Community Experience is Coming! For more information, please see our announcement
A lot of RECOG - Web Scanner detected against exposed services
I have many event type every day ( ID:2012936 , ET SCAN ZmEu Scanner User-Agent Inbound )
The same source ip address creates many identical alarms and many identical tickets because I setted yes the option Open Tickets for new alarms automatically.
How can I aggregate this identical alarms?
Maybe it's possible with a new directive?