In an environment like ours, we have numerous file transmissions that are monitored by Control Center. There are several process names that we ignore by having a rule where the action = no operation. One option is to build multiple rules that are set to match on a distinct process name. Another option is to build a rule where the operator is reg ex and list each process name and separate the process names by the pipe symbol. While either of these options will work, option 1 can result in numerous "ignore" rules and option 2 can result in a long reg ex string and can be messy to deal with.
I would like to be able to list each process name in a separate line in the rule definition, but when this is done "all" of the conditions of the rule must be met in order to be satisfied.
Currently rule parameters have three columns: key, operator, and value. I'm not sure how to word this, but can something be added where it allows the user to say either "all" of the information must be true or "any" of the information can be true?