I have a Sentinel 7.2 installation auditing a Windows 2008 Active
Directory via Syslog using Snare Agent. The Active Directory environment has
4 Domain Controllers and I'm receiving the same event 4 times (I assume
it is because of replication between DCs) and this makes it difficult for
correlation rules to work properly. Is there a way to filter the
replicated events from Windows?

Thanks in advance

mmarchese's Profile: https://forums.netiq.com/member.php?userid=1311