My question is in regards to testing our enclave. I have an entity that probes/tests/scans our enclave for thousands of vulnerabilities per IP. I stopped the entries in the traffic-log by creating duplicate security rules with logging disabled. However, threat matches from Vulnerability Protection naturally write to the threat-log every time a rule match is made. I want the defined vulnerability protection actions to occur without the log entry being written to the threat log. On the Vulnerability Protection Security Profile, if a wildcard existed or it was possible to be used for a blanket exception, the exception would change the scan results, so I do not want an exception there. I just want to provide the protection in the profile without the log bloat reaching my threat-log from all the scanning. Is there a way to do so?