In LogRhythm NDR, whitelisting allows a user to create lists of safe events to prevent them from becoming cases and incidents. Whitelisting helps to reduce the number of false positive incidents.
To view the Whitelist page:
At the top of the LogRhythm NDR UI page, click the Settings tab.
In the drop-down menu, click Policy Management, and then click Whitelist. The Whitelist page appears.
The Whitelist page has two sections:
Section
Description
Location
Update/Delete Whitelist Entry Page
This section allows you to update or delete an existing whitelist.
Top
Whitelist List
This section displays a list of all existing whitelists.
Bottom
Working with Whitelists
To view the Whitelist List, scroll down to the bottom of the Whitelist page.
To sort a column in the Whitelist List, click the up/down arrow to the left of the column name.
To apply a filter to the Whitelist List, enter your search parameters into the search box using Lucene search syntax.
Update a Whitelist
To update a specific Whitelist, click the timestamp. The Whitelist details appear in the Update/Delete Whitelist Entry Page section.
You can update existing information and add new information to any field in the selected Whitelist.
When you are finished updating fields, click Update.
Delete a Whitelist
To update a specific Whitelist, click the timestamp. The Whitelist details appear in the Update/Delete Whitelist Entry Page section.
To delete the selected Whitelist, click Delete.
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.
