Describe the feature:
The SIEM detection rules for network events for "event.action : firewall-rules" should not create signals for "event.outcome : (deny or denied)" values.
Describe a specific use case for the feature:
These are all false positive results as the firewall is doing its job and preventing these connections. In high traffic firewalls, 10s or 100s of thousands of signals can be generated within 24 hours, that are all false positives.
Describe the feature:
The SIEM detection rules for network events for "event.action : firewall-rules" should not create signals for "event.outcome : (deny or denied)" values.
Describe a specific use case for the feature:
These are all false positive results as the firewall is doing its job and preventing these connections. In high traffic firewalls, 10s or 100s of thousands of signals can be generated within 24 hours, that are all false positives.