We would like to use Command filters to enable the recording on violations and receive Syslog events. This is working correctly, but for every event, we also received an email. Is it possible to disable email notification for this type of event, maintaining it enabled for the other events (such as NFS down, node unreachable etc.)?
Release : 4.0
Component : PRIVILEGED ACCESS MANAGEMENT
To many emails being received.
In the current application design, it's not possible to select events that should trigger the email and what events not to send emails.
For session recording with Command Filter Configuration (CFC) enabled, if we need to stop email notifications for violations, we would have to disable session recording on violations then this would be a bigger audit concern.