Within the SSIM product you can create filters for each installed collector. When a new event matches one of these filters, the event is not forwarded to the SSIM Appliance and is not archived.
Do the following to review these filters:
1. Open the SSIM Console
2. Click the 'System' Tile
3. Click the 'Product Configurations' tab
4. Open the Collector you would like to filter
5. Select the Filter for that Collector and click the 'Filter' tab
New Filters can be created from this screen.
Filters are case sensitive. For example, if the 'Value' field of a filter is set to:
eicar
then the filter matches 'eicar', but not 'Eicar'.
To create a case-insensitive filter, set the 'Value' field of the filter to:
RegEx((?i)eicar)
Now the filter will match:
eicar
Eicar
EICAR
To detect the word 'eicar' anywhere within the value, add:
RegEx((?i).*eicar.*)
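Because a matching event is never forwarded, it helps to check a 'Value' against sample field values before saving the filter. The following is an added example, not SSIM code: it assumes a RegEx(...) value must match the whole field value (which is why the last form above needs the leading and trailing .*), it uses Python's re module as a stand-in for the collector's regex engine, and the function names and sample values are constructed for illustration.

```python
import re

# Assumption: a 'Value' of the form RegEx(<pattern>) is a regular expression
# that must match the whole field value; anything else is a literal,
# case-sensitive comparison. Python's re stands in for the collector's engine.
_REGEX_WRAPPER = re.compile(r"^RegEx\((.*)\)$", re.DOTALL)


def filter_matches(filter_value: str, field_value: str) -> bool:
    """Return True if the event field value would be caught by the filter."""
    wrapped = _REGEX_WRAPPER.match(filter_value)
    if wrapped is None:
        # Plain value: exact, case-sensitive comparison.
        return filter_value == field_value
    # RegEx(...) value: the pattern has to cover the entire field value.
    return re.fullmatch(wrapped.group(1), field_value) is not None


def dropped_values(filter_value, field_values):
    """List the sample values the filter would match (events not forwarded)."""
    return [v for v in field_values if filter_matches(filter_value, v)]


# Constructed sample field values, not taken from a real collector.
SAMPLES = ["eicar", "Eicar", "EICAR", "EICAR Test String", "eicar.com", "clean.txt"]

if __name__ == "__main__":
    for value in ("eicar", "RegEx((?i)eicar)", "RegEx((?i).*eicar.*)"):
        print(f"{value!r:28} drops {dropped_values(value, SAMPLES)}")
```

The third filter also catches 'EICAR Test String' and 'eicar.com', so review the matched list for values you still want forwarded and archived.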