Aug 29 2022 10:36 AM
Is there a way to change the status of a potentially malicious event as safe so it no longer shows up on the map?
Also, is there a way to create some logic in Sentinel to say if any activity comes from a specific IP Address (like the one showing up in the potentially malicious event) to NOT show up on the map and instead just give an informational alert that it happened? I started to try and create a rule to do this (see below) but not sure if I'm going about it the correct way.
Aug 29 2022 10:59 AM
SolutionAug 30 2022 09:08 AM
Aug 30 2022 09:14 AM
Aug 29 2022 10:59 AM
Solution