Snort mailing list archives

Re: Time of Day Alert Suppression


From: Steven J <sjm () lyricalsecurity com>
Date: Fri, 13 Oct 2017 17:48:27 -0400

The rule is frequently triggered by the dev-team but would be an event of
interest otherwise.
Thank you for the response, Joel.  I'll continue filtering it from my
reports.

*Steven Malm*
Roc-Analyst
*Lyrical Security*
174 Spadina Ave, Suite 400, Toronto, ON, Canada - M5T 2C2
*mobile: *(705) 440-3339
*e-mail:* sjm () lyricalsecurity com

On Fri, Oct 13, 2017 at 5:01 PM, Joel Esler (jesler) <jesler () cisco com>
wrote:



On Oct 13, 2017, at 11:42 AM, Steven J <sjm () lyricalsecurity com> wrote:


Hello all, and thank you for allowing me to join this community.

I currently have Alerts I need to suppress for certain time periods
through the day.  I found a 2003 Archive request which suggests this is
best handled manually, during post-alert analysis.

Just wondering if this has been revisited?



No, manual is still the best way of handling this.  I assume this is for
some specific job that happens at a certain time of day?  Can you ignore
the traffic between those two IPs, or suppress?
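
The manual, post-alert filtering discussed in this thread can be scripted. The sketch below is an added example, not code from the posters or from the Snort project: it assumes alerts in Snort's `alert_fast` text format, and the SIDs, time windows and sample lines are constructed for illustration.

```python
import re
from datetime import time

# alert_fast line: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^\d\d/\d\d-(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]"
)

# Hypothetical policy (constructed values): SID -> quiet windows in sensor-local time.
QUIET_WINDOWS = {
    1000001: [(time(9, 0), time(17, 30))],  # dev-team working hours
    1000002: [(time(23, 0), time(1, 0))],   # nightly job, window crosses midnight
}

def in_window(t, start, end):
    """True if t is in [start, end); supports windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def split_alerts(lines, windows=QUIET_WINDOWS):
    """Return (kept, filtered). Unparseable lines are kept so nothing is silently dropped."""
    kept, filtered = [], []
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            kept.append(line)
            continue
        t = time(int(m["h"]), int(m["m"]), int(m["s"]))
        quiet = windows.get(int(m["sid"]), [])
        (filtered if any(in_window(t, a, b) for a, b in quiet) else kept).append(line)
    return kept, filtered

# Constructed sample alerts (documentation address range, made-up rule messages).
SAMPLE = [
    "10/13-10:15:02.118244  [**] [1:1000001:1] LOCAL dev tool [**] [Priority: 2] {TCP} 192.0.2.10:50122 -> 192.0.2.20:22",
    "10/13-21:40:51.004310  [**] [1:1000001:1] LOCAL dev tool [**] [Priority: 2] {TCP} 192.0.2.10:50301 -> 192.0.2.20:22",
    "10/13-23:30:00.500000  [**] [1:1000002:1] LOCAL nightly job [**] [Priority: 3] {TCP} 192.0.2.30:40000 -> 192.0.2.40:445",
    "10/14-00:59:59.999999  [**] [1:1000002:1] LOCAL nightly job [**] [Priority: 3] {TCP} 192.0.2.30:40001 -> 192.0.2.40:445",
    "10/14-01:00:00.000000  [**] [1:1000002:1] LOCAL nightly job [**] [Priority: 3] {TCP} 192.0.2.30:40002 -> 192.0.2.40:445",
    "10/14-10:00:00.000000  [**] [1:2000003:4] OTHER rule [**] [Priority: 1] {TCP} 192.0.2.50:1234 -> 192.0.2.60:80",
]

if __name__ == "__main__":
    kept, filtered = split_alerts(SAMPLE)
    print(f"{len(kept)} kept for the report, {len(filtered)} filtered by time of day")
```

Filtered alerts are returned rather than discarded, so the same rule firing outside its quiet window, or from an unexpected host inside it, can still be reviewed.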


