We use Nessus in conjunction with LEM (6.1). Some of our Nessus scans are designed to check for and attempt to use ...\administrator on Windows devices. I need to whitelist this activity by Source IP or whatever I can on the LEM for all of our Nessus Scanners. I only need the results of the Nessus scan in the Nessus app. I do not need to see
|NetworkIncident||logon failure "\administrator"||---------------- redacted ----------------------||9:08:14 Thu Mar 10 2016||9:08:14 Thu Mar 10 2016||4||vista security||Critical Account Logon Failures||microsoft-windows-security-auditing 4625|
or get the email spam a predecessor decided to set up.
I'd prefer to just whitelist all activity from my Nessus scanners as far as the LEM is concerned.