New-Scale Security Operations Platform: New-Scale Analytics Configuration Guide

Step 2 - Route Events to the New-Scale Analytics Engine

The goal of this step is to create an event filter in Log Stream that will define the events that you want to route to the New-Scale Analytics detection engine.

This type of filtering can help reduce the cost of processing events that have no security value, reduce the number of false positives, and reduce the generation of unnecessary alerts. For more information about how this type of filtering works, see Event Filtering in the Log Stream Guide.

  1. On the New-Scale Security Operations Platform home page, navigate to the Security Management column and click the Log Stream tile.

  2. Click the Event Filtering tab at the top of the Log Stream page. The Event Filtering and Routing page opens. This page is divided into two sections. The top section allows you to create event filters that route events to the New-Scale Analytics detection engine. The bottom section is for creating filters to route events to the Attack Surface Insights application.

  3. In the Detection Engine section of the page, click Add Event Filter. The Add Event Filters for Detection Engine dialog box opens.

  4. Click the Select all option just below the search bar at the top of the dialog box. All of the listed vendors and products will be checked.

    If you want to exclude some vendors or products from the selected list, click on individual checkboxes to unselect them. For example, you may want to exclude vulnerability scanners (such as those from Qualys, Rapid7, or Tenable) from sending events to the New-Scale Analytics engine because they often give the false impression of malicious activity.

  5. Click Add Event Filters to save the selection.