Exclusions - wildcards.
Moderators: scottr, Moderator Team
7 posts
• Page 1 of 1
Exclusions - wildcards.
by afo8n » Mon Dec 13, 2010 11:10 am
Hey all.
Looking to exclude not one host but a subnet from certain analytics. Can't seem to figure out the syntax.
Is this possible?
Thanks for any help...
Alan
Looking to exclude not one host but a subnet from certain analytics. Can't seem to figure out the syntax.
Is this possible?
Thanks for any help...
Alan
- afo8n
- Posts: 2
- Joined: Mon Dec 13, 2010 11:07 am
Re: Exclusions - wildcards.
by pauld » Mon Dec 13, 2010 11:30 am
Hi afo8n,
When you're running a report you can add both inclusion and exclusion filters, so what you'll want to do is add a "Subnet" filter and then click the small green square so it turns red which makes it an exclude filter.
If you're having trouble finding the button I'm talking about, take a look at #2 on this blog about the Top 5 Scrutinizer features you never use.
Let me know if you have any questions.
Thanks,
Paul
When you're running a report you can add both inclusion and exclusion filters, so what you'll want to do is add a "Subnet" filter and then click the small green square so it turns red which makes it an exclude filter.
If you're having trouble finding the button I'm talking about, take a look at #2 on this blog about the Top 5 Scrutinizer features you never use.
Let me know if you have any questions.
Thanks,
Paul
-
pauld - Posts: 156
- Joined: Mon Jan 04, 2010 10:05 am
- Location: Sanford, Maine
Re: Exclusions - wildcards.
by afo8n » Mon Dec 13, 2010 11:38 am
Hey Paul.
Thanks for the info. Am looking to accomplish this within Flow Analytics (FA), not Scrutinizer. Am using the Flow Analytics exclusion gadget to do so.
Objective is to have certain subnets or ranges of IP's excluded from specific FA algorithms in order to decrease the number of false positives.
Pardon me if I am incorrect - this is my second day with the product.
Thanks for the help...
Thanks for the info. Am looking to accomplish this within Flow Analytics (FA), not Scrutinizer. Am using the Flow Analytics exclusion gadget to do so.
Objective is to have certain subnets or ranges of IP's excluded from specific FA algorithms in order to decrease the number of false positives.
Pardon me if I am incorrect - this is my second day with the product.
Thanks for the help...
- afo8n
- Posts: 2
- Joined: Mon Dec 13, 2010 11:07 am
Re: Exclusions - wildcards.
by mkrygeri » Mon Dec 13, 2010 11:51 am
Hi afo8n,
Unfortunately, subnet exclusions are not yet available in FA.
-MikeK
Unfortunately, subnet exclusions are not yet available in FA.
-MikeK
- mkrygeri
- Posts: 87
- Joined: Tue Aug 02, 2005 8:47 am
Re: Exclusions - wildcards.
by pauld » Mon Dec 13, 2010 11:54 am
Hi afo8n,
Currently, you can't add Flow Analytics exclusions by subnet. We really value customer feedback so what I'm going to do is open up a feature request with development to add this functionality.
Let me know if there's anything I can help with.
Thanks,
Paul
Currently, you can't add Flow Analytics exclusions by subnet. We really value customer feedback so what I'm going to do is open up a feature request with development to add this functionality.
Let me know if there's anything I can help with.
Thanks,
Paul
-
pauld - Posts: 156
- Joined: Mon Jan 04, 2010 10:05 am
- Location: Sanford, Maine
Re: Exclusions - wildcards.
by filobeddo » Wed Jun 22, 2011 7:03 am
I was going to start a thread requesting this but read this one and so will second this feature request.
Having just started using FA I quickly saw I would ideally need to exclude subnets from FA alarms, for example I have 2 subnets populated with CCTV cameras which all multicast as part of their normal operation.
These are creating alarm events from FA. Excluding them one by one is not practicle for the number I have.
Hope to see this on a future maintenance release.
Thanks!
Having just started using FA I quickly saw I would ideally need to exclude subnets from FA alarms, for example I have 2 subnets populated with CCTV cameras which all multicast as part of their normal operation.
These are creating alarm events from FA. Excluding them one by one is not practicle for the number I have.
Hope to see this on a future maintenance release.
Thanks!
- filobeddo
- Posts: 10
- Joined: Fri Apr 08, 2011 8:27 am
- Location: London, England
Re: Exclusions - wildcards.
by mattstjean » Wed Jun 22, 2011 7:29 am
Thank you for the reply, filobeddo.
I have added your feature request for review by our developers. Feel free to shoot any other great ideas our way!
I have added your feature request for review by our developers. Feel free to shoot any other great ideas our way!
-
mattstjean - Posts: 3
- Joined: Tue May 31, 2011 10:41 am
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests