SIEM Metodo raccomandato da Alien Vault per il silenziamento del rumore

Ho contattato AlienVault via e-mail e mi hanno inviato lo stesso workaround che hai descritto nella tua domanda:

1.- create 2 policies. go to configuration -> threat intelligence -> policies. chose default group.

2.- first policy will have AlienVault Appliance IP as source ip. click new policy. set a name for the policy - like ’from AV' on source ip select alienvault appliance asset from asset tree on destination field select any on siem consequence select no.

3.- Second one, AlienVault Appliance IP as Destination. click new policy. set a name for the policy - like ’to AV' on destination ip select alienvault appliance asset from asset tree on source field select any on siem consequence select no.

4.- Reload Policies You should have a red label/button ‘reload policies’ click it.

This will prevent AlienVault to capture and analyse its own traffic.