We have over 100 networks, with 1 to 2 servers with CSA 5.2 on them in each network. We stagger vulnerability scans on each network quarterly. Is there a way, to remove or filter the alerts for the IP address that scans these networks?
I've attempted to create a Network Access Control rule, inside a rule module, associated to a policy, associated to a group with all CSA servers included. I have also attempted to add that policy to all of the policies that are enforced on our agents. Neither of these sollutions worked.
Any suggestions would be greatly appreciated. Thank you in advance.