Snort mailing list archives
RE: Configuring False positives
From: Tom Sevy <tsevy () epx com>
Date: Fri, 23 Nov 2001 14:46:14 -0500
I have found that when I do this, then another rule catches it and alerts..... -----Original Message----- From: Erek Adams [mailto:erek () theadamsfamily net] Sent: Friday, November 23, 2001 2:41 PM To: Arvind Clemente Cc: Snort-users () lists sourceforge net Subject: Re: [Snort-users] Configuring False positives On Fri, 23 Nov 2001, Arvind Clemente wrote:
I am new to snort. I am getting a lot of Code Red v2 alerts from other machines. How can i configure snort for false positives so that it does not alert me for only code red v2.
Find the rule in the corresponding rule file, then disable it with a '#' at the front of the line. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Configuring False positives Arvind Clemente (Nov 23)
- Re: Configuring False positives Erek Adams (Nov 23)
- <Possible follow-ups>
- RE: Configuring False positives Tom Sevy (Nov 23)
- RE: Configuring False positives Erek Adams (Nov 23)
- Slightly OT Jim Kipp (Nov 29)
- Configure for Mysql Jim Kipp (Dec 01)
- Message not available
- Re: Configure for Mysql Jim Kipp (Dec 02)
- RE: Configuring False positives Erek Adams (Nov 23)