Hi,
Currently in Sentinel it is quite impossible to create whitelist correlation rules with TargetIP. We have a use case that requires that if TargetIP does not match a certain whitelisted subnet, an alert is sent. In correlation rules the only operand available is "match subnet", which works only with blacklisted subnets.

So a new operator is required.

Comments

  • After more study: I believe this functionality can be achieved in the free-form view by using an "AND NOT" statement before the "match subnet" operator while editing the correlation rule.

  • Okay, thanks for checking on this Timo. I am going to close this idea. Let me know if there is any change.
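The whitelist logic discussed in this thread ("alert when TargetIP does NOT match any approved subnet", i.e. the negation of a "match subnet" test), as an added stand-alone example. This is not Sentinel rule syntax and not code from this thread: it models the semantics in plain Python with the standard `ipaddress` module, and the subnets, the `TargetIP` event field and the sample events are constructed for illustration.

```python
import ipaddress

# Constructed whitelist of approved target subnets (hypothetical values,
# not from the original thread).
WHITELIST_SUBNETS = [
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]


def match_subnet(ip, subnets):
    """Blacklist-style 'match subnet' test: True when ip lies in any of subnets.

    Raises ValueError for an address that cannot be parsed.
    """
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in subnets)


def whitelist_rule(event, subnets=WHITELIST_SUBNETS):
    """Whitelist rule: fire when TargetIP is present and NOT in any whitelisted subnet.

    This is the 'AND NOT match subnet' formulation: the alert condition is the
    negation of the blacklist-style subnet match.
    """
    target = event.get("TargetIP")
    if target is None:
        # No TargetIP on the event: the rule has nothing to evaluate.
        return False
    try:
        return not match_subnet(target, subnets)
    except ValueError:
        # A TargetIP that does not parse cannot be shown to be whitelisted,
        # so treat it as "does not match" and let the rule fire for review.
        return True


def evaluate(events, subnets=WHITELIST_SUBNETS):
    """Return the events that trigger the whitelist rule."""
    return [e for e in events if whitelist_rule(e, subnets)]


# Constructed sample events (hypothetical addresses).
SAMPLE_EVENTS = [
    {"id": 1, "TargetIP": "10.10.5.5"},       # inside whitelist: no alert
    {"id": 2, "TargetIP": "192.168.50.20"},   # inside whitelist: no alert
    {"id": 3, "TargetIP": "172.16.1.1"},      # outside whitelist: alert
    {"id": 4},                                # no TargetIP: no alert
    {"id": 5, "TargetIP": "not-an-ip"},       # unparsable: alert for review
]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print("ALERT: TargetIP outside whitelist:", alert)
```

The design choice worth noting is the unparsable address case: a whitelist rule should fail closed (fire) when it cannot prove the target is approved, whereas a blacklist-style "match subnet" naturally fails open there, which is one reason the two formulations are not interchangeable.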