In LogRhythm NDR, whitelisting allows a user to create lists of safe events to prevent them from becoming cases and incidents. Whitelisting helps to reduce the number of false positive incidents.
To view the Whitelist page:
-
At the top of the LogRhythm NDR UI page, click the Settings tab.
-
In the drop-down menu, click Policy Management, and then click Whitelist.
The Whitelist page appears.The Whitelist page has two sections:
Section
Description
Location
Update/Delete Whitelist Entry Page
This section allows you to update or delete an existing whitelist.
Top
Whitelist List
This section displays a list of all existing whitelists.
Bottom
Working with Whitelists
-
To view the Whitelist List, scroll down to the bottom of the Whitelist page.
-
To sort a column in the Whitelist List, click the up/down arrow
-
To apply a filter to the Whitelist List, enter your search parameters into the search box using Lucene search syntax.
Update a Whitelist
-
To update a specific Whitelist, click the timestamp.
The Whitelist details appear in the Update/Delete Whitelist Entry Page section. -
You can update existing information and add new information to any field in the selected Whitelist.
-
When you are finished updating fields, click Update.
Delete a Whitelist
-
To update a specific Whitelist, click the timestamp.
The Whitelist details appear in the Update/Delete Whitelist Entry Page section. -
To delete the selected Whitelist, click Delete.