Clearing Firewall events and history

Hi,

Something that I am starting to find very irritating is the fact that firewall events, even after the creation of a rule, do not disappear from the console. This makes it extremely difficult to see what is current without getting lost in the detail produced by all the endpoints managed by the console.

The ability to clear events that have been dealt with in the same way as we clear errors would be most helpful in a future release to make it easier to work through them.

  • Hello SteveG,

    IIRC I have made this suggestion the first time I've encountered it in one of the Betas. 

    The difference is that these are Events, not alerts or errors. To change the behaviour would require an additional attribute (like outstanding). But it is not that simple. Assume you create a rule for one of many identical events - you probably expect that all of them are flagged as dealt with, won't you? Or just those on the results list?

    And while this is still not too complicated consider a blocked connection (which includes a specific remote address) event. So you create a rule permitting any address, or any application. Now what with those events which would not have occurred had the rules already been in place (the rule doesn't exactly match even the event from which it has been created)? Well, I don't have a good idea how to handle this although I'd welcome a solution.

    Christian
