Using the LogShipper to send logs to my SIEM. One application in particular is very chatty and the logs it sends are not that important. I am trying to create a business rule that will exclude that application from sending logs. Right now, I have the default rule and one additional rule: Query: NOT (app Like "My App"). This does not work, do I have to use Regex for this? Documentation for business rules are really poor.
Login to the community
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account
Login with SSO
Employee Partneror
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.