Snort mailing list archives

excluding a host from rule


From: "Chang, Andre" <achang () southernwine com>
Date: Thu, 30 May 2002 17:19:32 -0400

Can you exclude specific hosts from triggering the alert in a rule, but
still get alerted by that rule if any other hosts try the same action?
For example, you have a port scan on your network and you do not want to get
alerted by that host doing the scan, but you do want to get alerted by anyone
else performing a port scan.
