Is it possible to filter security event data, before sending them to a SIEM product such as Splunk ?
Release: Component: CEVM
Security event data can be filtered by the Policy Statement Event Selections and Test Conditions. Also with the Compliance Event Manager SIEM Policy Actions you can select what security event data is sent to a SIEM application such as SPLUNK. Once the Policy event selection criteria and SIEM Policy Action is setup to select the security event data to be sent to the SIEM application no more filtering can be done.