Issue: I am attempting to use operators within the "advanced filter" section of log searching. My goal is to obtain port scan logs from any IP address with the exception of a single internal IP. The only operators I see available, however, are (*) and (?) within the "remote IP address" field. Idealistically, my search would be: * NOT <ip address>.
Exact location within product: I am using the Symantec Endpoint Protection Manager web console, under Monitors > Logs > Log Type: Network Threat Protection > Advanced Filters.
Does anyone have advice on how to exclude specific IP addresses from the log search? In this case, I have internal vulnerability scanners that trigger valid port scans and would like to ignore their logs within this specific filter.