The most common modifications that you can do from the Events table include the following
items:
- Edit event filters — When you review event information, you may want to modify event filter settings to better react to events. For example, a filter that is generating a high number of alerts may need to be changed so that it is not invoked against certain types of events.
- Create event filter exceptions — Filters may not always respond correctly to source and destination IP addresses. For example, you may have a filter set to block packet traffic to all hosts; however, some benign traffic is destined for a specific host in your network. In that case, you can create a filter exception. Learn more about filter exception limits.
- Create traffic management filters — When you review event information, you might want to create a Traffic Management filter to block, trust, permit, or rate limit traffic based on different protocols and specific source and destination IP addresses.