foxsec-pipeline
foxsec-pipeline copied to clipboard
Do not create alerts for reserved ip addresses
Because of errors in application logging (i.e., XFF header not being set) we sometimes will see events for ip addresses that we should not generate alerts for (i.e. 127.0.0.1). We should not generate alerts for these events and instead log the error and ensure there's some notification so we can investigate.