• Support
  • Forums
  • Blogs

Exclude alienvault sensor from Vulnerability scan

lmilkeslmilkes

Entry Level
Hello, I'd like to know how to exclude an alienvault sensor that's on a different subnet than the main alienvault server from being scanned in an OSSEC vulnerability scan. To clarify, I'm not looking to have the alienvault server ignore alarms generated from the sensor, but to exclude the sensor from even being scanned when its IP is both the source and destination IP. Thanks!

Share post:

Answers

  • Looking for a way to exclude or "whitelist" hosts in vulnerability scans as well. I can't even figure out how to create a new group that doesn't have that host because it seems you can only create groups using filters.
  • Is there any solution to this !?
  • When creating or editing a vulnerability scan, in the text box that says "Type here to search assets (Hosts/Networks)", use this syntax to exclude hosts: !<host-ip>, then hit Enter. It will be moved to the box below, and excluded when the scan runs. 
Sign In or Register to comment.