DS-22025 Fix saved search to exclude system events

Author: chchhsiao

TrendMicroDeepSecurity/default/savedsearches.conf

@@ -60,7 +60,7 @@ auto_summarize.dispatch.earliest_time = -1d@h
 cron_schedule = 0 0 * * *
 description = All events from Deep Security's modules
 dispatch.earliest_time = -1h
-search = sourcetype=deepsecurity* NOT deepsecurity-system_events
+search = sourcetype=deepsecurity* sourcetype!=deepsecurity-system_events
 
 [Deep Security - Intrusion Prevention Events]
 alert.suppress = 0
@@ -78,7 +78,7 @@ auto_summarize.dispatch.earliest_time = -1d@h
 cron_schedule = 0 0 * * *
 description = All High and Critical severity events from Deep Security's modules
 dispatch.earliest_time = -1h
-search = sourcetype=deepsecurity* NOT deepsecurity-system_events cef_severity > 7
+search = sourcetype=deepsecurity* sourcetype!=deepsecurity-system_events cef_severity > 7
 
 [Deep Security - Application Control Events]
 alert.suppress = 0