Hello,
I am an Elastic Engineer in charge of a deployment with a focus on security. I have recently started delving into our network traffic in a little bit more depth. I have started with Suricata, and quickly realized that a lot of the alerts that are firing are related to the Nessus/ACAS scans that are being run in our environment.
Have any of you worked in a similar environment, and if so, what did you do to reduce the number of alerts that were related to ACAS scanning the environment? Or is it just part of operating with both technologies in the environment?
Thanks,
Alex
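One way to size the problem described above before changing any Suricata configuration is to tag each eve.json alert by whether its source falls inside the authorized scanner range and then see, per signature, how much of the volume the scanner accounts for. The script below is an added example, not code from the original post or from the Suricata or Elastic projects. The scanner network, the sample eve.json lines and the signature IDs and names are all constructed placeholders; the `suppress ... track by_src, ip ...` line format it emits is the one documented for Suricata's threshold.config and should be checked against the deployed version before use.

```python
import json
import ipaddress
from collections import defaultdict

# Constructed placeholder: replace with the real ACAS/Nessus scanner addresses or ranges.
SCANNER_NETWORKS = [ipaddress.ip_network("10.10.5.0/28")]

# Constructed sample eve.json records (one JSON object per line, as Suricata writes them).
# Signature IDs 9000001/9000002 and their names are made up for this example.
SAMPLE_EVE = """
{"timestamp":"2024-01-15T10:00:01.000000+0000","event_type":"alert","src_ip":"10.10.5.3","dest_ip":"10.20.0.8","dest_port":22,"alert":{"gid":1,"signature_id":9000001,"signature":"EXAMPLE SCAN SSH probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-15T10:00:02.000000+0000","event_type":"alert","src_ip":"10.10.5.3","dest_ip":"10.20.0.9","dest_port":22,"alert":{"gid":1,"signature_id":9000001,"signature":"EXAMPLE SCAN SSH probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-15T10:00:03.000000+0000","event_type":"flow","src_ip":"10.10.5.3","dest_ip":"10.20.0.9"}
{"timestamp":"2024-01-15T10:00:04.000000+0000","event_type":"alert","src_ip":"192.0.2.77","dest_ip":"10.20.0.9","dest_port":22,"alert":{"gid":1,"signature_id":9000001,"signature":"EXAMPLE SCAN SSH probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-15T10:00:05.000000+0000","event_type":"alert","src_ip":"10.10.5.4","dest_ip":"10.20.0.10","dest_port":80,"alert":{"gid":1,"signature_id":9000002,"signature":"EXAMPLE WEB_SERVER probe","category":"Web Application Attack","severity":1}}
"""


def is_scanner(ip):
    """True if the address belongs to one of the authorized scanner networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SCANNER_NETWORKS)


def tag_alerts(eve_lines):
    """Parse eve.json lines and return the alert events, each annotated with
    'scanner_source'. Non-alert events and malformed lines are skipped."""
    alerts = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line should not abort the whole pass
        if event.get("event_type") != "alert":
            continue
        event["scanner_source"] = is_scanner(event["src_ip"])
        alerts.append(event)
    return alerts


def summarize(alerts):
    """Per signature ID: total alert count and how many came from scanner ranges."""
    stats = defaultdict(lambda: {"signature": "", "total": 0, "scanner": 0})
    for event in alerts:
        sid = event["alert"]["signature_id"]
        entry = stats[sid]
        entry["signature"] = event["alert"]["signature"]
        entry["total"] += 1
        if event["scanner_source"]:
            entry["scanner"] += 1
    return dict(stats)


def suppression_candidates(stats, min_scanner_share=1.0):
    """Signature IDs whose alerts come (by default entirely) from scanner ranges.
    A signature with any non-scanner share is left out: the same rule firing
    from an unexpected source is exactly what should still be reviewed."""
    return sorted(
        sid for sid, s in stats.items()
        if s["scanner"] / s["total"] >= min_scanner_share
    )


def suppress_entries(alerts):
    """Build threshold.config suppress lines scoped to scanner source addresses,
    so the rule keeps firing for every other source."""
    entries = set()
    for event in alerts:
        if not event["scanner_source"]:
            continue
        gid = event["alert"]["gid"]
        sid = event["alert"]["signature_id"]
        entries.add(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {event['src_ip']}")
    return sorted(entries)


if __name__ == "__main__":
    tagged = tag_alerts(SAMPLE_EVE.splitlines())
    for sid, s in summarize(tagged).items():
        print(f"{sid} {s['signature']}: {s['scanner']}/{s['total']} from scanner ranges")
    print("\n".join(suppress_entries(tagged)))
```

Run it against a real eve.json by replacing `SAMPLE_EVE.splitlines()` with the file's lines. The per-source `suppress` form is deliberate: suppressing a signature outright would also hide the same probe coming from an address that is not the scanner, which in the sample data is the one alert worth keeping.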