chg: [Administration] add correlation exclusions section

pull/253/head
Jeroen Pinoy 2021-03-24 22:13:37 +01:00
parent 048d377041
commit 00c0febc58
No known key found for this signature in database
GPG Key ID: DF33A50B8E4EE081
2 changed files with 12 additions and 0 deletions

View File

@ -363,6 +363,18 @@ When viewing the list of allowlisted addresses, the following data is shown: The
![You can edit or delete currently allowlisted addresses using the action buttons on this list.](figures/allowedlist.png) ![You can edit or delete currently allowlisted addresses using the action buttons on this list.](figures/allowedlist.png)
## Managing correlation exclusions
Correlation exclusions allow you to exclude certain values from the correlation engine. Values can be 1:1 matches or substring searches denoted with a leading or ending '%', or both.
Examples:
- https://www.google.com/% will match anything starting with https://www.google.com/
- %google.com% will match anything that contains google.com
After adding an exclusion, new values coming in will not correlate if they match any of the correlation exclusions. To remove existing correlations run the cleaner tool (see 'Clean up correlations' button in screenshot below).
![index view of correlation exclusions, showing examples of exclusions with a leading, ending wildcard](./figures/correlationExclusions.png)
*Note: the JSON source field is not used yet*
## Using MISP logs ## Using MISP logs
Users with audit permissions are able to browse or search logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out). Users with audit permissions are able to browse or search logs that MISP automatically appends each time certain actions are taken (actions that modify data or if a user logs in and out).

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB